tuckner · March 1, 2019 17:36
diff --git a/eventdataparse.py b/eventdataparse.py
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-

 import re

 s = 'eventdataxml'
 l = re.findall('(?<=Name=")\w+', s)
 p = ''

 for i in l:
    p += "'Data Name=\"{0}\">' {0} '<' * ".format(i)
 full = """
 Event
 | where EventID == \"1\"
 | parse EventData with * {0}
 | search \"*\"
 """.format(p)
 print(full)
	#!/usr/bin/env python
	# -- coding: utf-8 --

	import re

	s = 'eventdataxml'
	l = re.findall('(?<=Name=")\w+', s)
	p = ''

	for i in l:
	p += "'Data Name=\"{0}\">' {0} '<' * ".format(i)
	full = """
	Event
	\| where EventID == \"1\"
	\| parse EventData with * {0}
	\| search \"*\"
	""".format(p)
	print(full)