What is WinEvnt_Looker? Other than the crappy name, it is a Windows Event Log parser that stores data into Elasticsearch
mapping. It is currently in its early stages of development. 
New project name needed. WinEvnt_Looker sucks!


*ISSUE 01: This will only work on Security.evtx file

[
    "mappings": { 
        "properties": { 
            "Event": {
                "System": {
                    "Guid": {"type": "string"},
                    "EventID": {"type": "string"},
                    "Version": {"type": "string"},
                    "Level" : {"type": "string"},
                    "Task": {"type": "string"},
                    "OpCode": {"type": "string"},
                    "Keywords": {"type": "string"},
                    "TimeCreate": {"type": "date"},
                    "EventRecordID": {"type": "string"},
                    "ProcessID": {"type": "string"},
                    "ThreadID": {"type": "string"},
                    "Channel": {"type": "string"},
                    "Computer": {"type": "string"},
                    "UserID": {"type": "string"}
                }
                "EventData": {
                    "SubjectUserSid": {"type": "string"},
                    ...
                    "This section will vary based on the Event ID."
                    "This section will be created dynamically."
                    ...
                    "n": {"type": "string"}
                }
            }
        }
    }
]

"WinEvent_Looker" is licensed under the Apache License, Version 2.0. This means it is freely available for use and modification in a personal and professional capacity.