Polishing the config files above. Below conf files worked perfectly for me #props.conf [aws:cloudwatch:s3] TRANSFORMS-field_extraction_aws_windows_logs = parse_windows_logs_prefix,parse_windows_logs_suffix #Transforms.conf [parse_windows_logs_prefix] REGEX = \[(?<LogName>.*?)\]\s+\[(?<Type>.*?)\]\s+\[(?P<EventCode>\d+)]\s+\[(?P<SourceName>.*?)\]\s+\[(?P<ComputerName>.*?)]\s+\[(?P<message>[^.]+.)\s(?P<body>[^]]+.) FORMAT = LogName::"$1" Type::"$2" EventCode::"$3" Sourcename::"$4" ComputerName::"$5" message::"$6" body::"$7" WRITE_META = true [parse_windows_logs_suffix] SOURCE_KEY = field:body REGEX = (?m)^\s*(?<name>[^:]+):[\t ]+(?<value>.*)$ FORMAT = "$1"::"$2" REPEAT_MATCH = true WRITE_META = true ... View more

can some one help with this issue, I am also facing the same issue while transitioning from the old add-on to new add-on. ... View more

can some one help with this issue, I am also facing the same issue while transitioning from the old add-on to new add-on. ... View more