@Silvano Ngacha I'm currently pulling Security log so perhaps I can help you do the same with Application log?

I will greatly appreciate your assistance. We can start with the security logs before moving to other logs.

@Silvano Ngacha ok so I'm using the publisher/subscriber built into osquery specifically to read the Windows Event logs. So it's not reading custom application logs, are you wanting to read windows event logs or other ones? I don't know about other ones

@Mystery Incorporated Thanks. Unfortunately, we are reading Linux logs

@Silvano Ngacha you might want to think about a log shipper like Filebeat in that case, I used to use Filebeat to ship osquery logs until just now I've started using fleet instead for the osquery logs. but osquery isn't really a log shipper I believe.

@Mystery Incorporated I am using logstash to ship logs to elastic search. My challenge is on how to access application specific logs.