I'm trying to pass only Warning / Error / Critical level Application Logs through NXLog to my ELK stack. When I have this configuration
<Input EventLog_In> Module im_msvistalog
<QueryList>\ <Query Id="0">\
Exec to_json(); </Input>
everything works fine, and I'm collecting all levels of Application logs. I tried putting in a parameter on the
<Select Path> line like this
And it craps itself and I get nothing. NXLog isn't reporting any issue, and I'm not seeing anything on the logstash side of things.
I got the information about Event Viewer querying from this thread and adapted it to my use case: https://serverfault.com/questions/543494/query-specific-logs-from-event-log-using-nxlog