Once we had the resulting ASCII XML files, we wanted to consolidate them with the rest of the information we had gathered from our client's infrastructure and systems, which we had already indexed in Splunk.
Given the sheer volume of data, we wanted to aggregate all the information from the log files so that we could search seamlessly through all the evidence. This way it would be easier to spot suspicious activity by correlating multiple sources.
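As an added example (not code from the original post), the following script flattens converted event-log XML into newline-delimited JSON so that each event arrives in Splunk with top-level fields that can be correlated with other sources. It assumes the XML follows the Windows Event Log schema that EVTX-to-XML converters emit; the single sample event is constructed.

```python
import json
import xml.etree.ElementTree as ET

# Windows Event Log XML namespace used by EVTX-to-XML converters (assumption)
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: one converted event wrapped in an <Events> container
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2023-01-15T10:22:31.123456Z"/>
    <EventRecordID>1001</EventRecordID>
    <Computer>WS01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">10.0.0.5</Data>
  </EventData>
</Event>
</Events>"""


def flatten_event(event):
    """Flatten one <Event> into a flat dict: System fields plus named EventData values."""
    rec = {}
    for child in event.find("e:System", NS):
        tag = child.tag.split("}")[-1]
        # Elements that carry attributes (Provider, TimeCreated) become tag_attr keys
        for attr, val in child.attrib.items():
            rec[f"{tag}_{attr}"] = val
        if child.text and child.text.strip():
            rec[tag] = child.text.strip()
    data = event.find("e:EventData", NS)
    if data is not None:
        for d in data.findall("e:Data", NS):
            if d.get("Name"):
                rec[d.get("Name")] = (d.text or "").strip()
    return rec


def xml_to_records(xml_text):
    """Parse an <Events> document into a list of flat dicts, one per event."""
    root = ET.fromstring(xml_text)
    return [flatten_event(ev) for ev in root.findall("e:Event", NS)]


def xml_to_jsonl(xml_text):
    """Emit newline-delimited JSON; point Splunk's TIMESTAMP_FIELDS at TimeCreated_SystemTime."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in xml_to_records(xml_text))
```

Each output line is one event, so a Splunk JSON sourcetype indexes `EventID`, `Computer` and the `EventData` names as searchable fields without further extraction rules.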