Add support to sysmon delimiters?

[wolf1892]

Parse_description, does not parse sysmon description::key. Cause the delimiter over there is specified by /r/n

Is it possible to have a support for sysmon, to parse_description?

[wolf1892]

I have a temporary working solution, hopefully something like this can be worked out? https://github.com/wolf1892/fluent-plugin-windows-eventlog/blob/master/lib/fluent/plugin/in_windows_eventlog2.rb