get-winevent output to a file getting stored as binary
I am using get-winevent to convert an evtx log to .json file. Then I've send it to ELK. Get-WinEvent -Path .\log.evtx | ConvertTo-Json|Format-List | Out-File log.json
The file looks like a normal string containing file on windows. But when I take it to linux, it contains binary data and cannot be parsed to ELK.
Even if I use out-string, nothing changes. $result = Get-WinEvent -Path .\user-creation-1log.evtx | ConvertTo-Json| Format-List
$result | Out-String | out-file log.json
This also appears like a binary file in linux. (Although I remember export-csv with get-winevent created complete text file, but this makes a really ugly formatted csv file). I really liked the way convertTo-json formatted and valued the json data and would prefer it. (if someone can provide a different way to convert the evtx data in its fullest form to json, happy to take).
I've tried evtx2csv python module, but that doesn't write output to a file.
First, don't use Format-List if you intend to export JSON. This is only for formatting objects as a nice visual representation in the console.
Also, I don't use Linux, but I guess it's safest to specify utf8 as encoding explicitly to make sure it's compatible:
Get-WinEvent -Path .\log.evtx | ConvertTo-Json | Out-File log.json -Encoding utf8
- Iterating Json attributes and PSCustom Objects
- MS Graph API - How to query additional pages
- Certificate Rebind in IIS 10 using powershell
- How to make PowerShell tab completion work like Bash
- Powershell function to check input and return datatype is not returning correct values
- Convert string to DateTime in Powershell from CSV
- PowerShell Call SSIS package, Pass Two (or More) Parameters
- Print Local Group Members in PowerShell 5.0
- Get current computer's distinguished name in powershell without using the ActiveDirectory module
- Best PowerShell method to get the current Active Directory Site name of the local computer
- NetBIOS domain of computer in PowerShell
- How do find out short name of domain I'm in?
- Powershell : How to include the root directory while creating a zip using a function
- PSCustomObject to Hashtable
- How to create a Run As Administrator shortcut using PowerShell
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- powershell parse Json file with \ and wildcard in the key name
- Is there a string concatenation shortcut in PowerShell?
- import files to databricks workspace
- How is child_process.exec('powershell "$userInput = Read-Host;"') handled in node.js?
- Can't use sed when using ssh with ms powershell to linux host
- Append information to the output of an existing command
- Win-PS2EXE - Respect the location of the resulting executable
- Powershell : Im failing to get directories+files in a particular path using get-ChildItem cmdlet
- Simple way to find position number in a given object for a value
- PowerShell script to return versions of .NET Framework on a machine?
- In VSCode how to get intellisense working for PowerShell?
- How do I use PowerShell to Validate XML files against an XSD?
- Using EXO TotalItemSize with -gt in Powershell - inaccurate for some mailbox sizes
- How do I fix the problem in my Powershell code so that the checks continue to run?