@puffycid I'd love that. I really wanted this some time ago but got a bit held up on the XML -> JSON parsing. If you're up to the challenge here's the branch where I started this (https://github.com/osquery/osquery/compare/master...muffins:windows-event-log-vtable)

Cool I've been messing around with event log parsing on my own branch But I will take a look at your implementation

Lemme know if I can help at all! Happy to do reviews or take on small bits of the implementation