nxlog configuration sending event log to fluentd using HTTP

nxlog.conf

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log


<Extension json>
    Module      xm_json
</Extension>

<Input eventlog>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog

 Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
</Input>

<Processor prep_for_http>
    Module	pm_null

    Exec $raw_event = "json=" + to_json();

    Exec $raw_event = replace($raw_event, " ", "+");
    Exec $raw_event = replace($raw_event, "\r", "%0D");
    Exec $raw_event = replace($raw_event, "\n", "%0A");

    Exec $raw_event = replace($raw_event, "@", "%40");
    Exec $raw_event = replace($raw_event, "&", "%26");
    Exec $raw_event = replace($raw_event, ";", "_");
    Exec $raw_event = replace($raw_event, "%", "%25");
    Exec $raw_event = replace($raw_event, "-", "%2D");
    Exec $raw_event = replace($raw_event, ".", "%2E");
    Exec $raw_event = replace($raw_event, "<", "%3C");
    Exec $raw_event = replace($raw_event, ">", "%3E");
    Exec $raw_event = replace($raw_event, "\\", "%5C");
    Exec $raw_event = replace($raw_event, "^", "%5E");
    Exec $raw_event = replace($raw_event, "_", "%5F");
    Exec $raw_event = replace($raw_event, "`", "%60");
    Exec $raw_event = replace($raw_event, "{", "%7B");
    Exec $raw_event = replace($raw_event, "|", "%7C");
    Exec $raw_event = replace($raw_event, "}", "%7D");
    Exec $raw_event = replace($raw_event, "~", "%7E");
</Processor>

<Output out_eventlog>
    Module om_http
    ContentType application/x-www-form-urlencoded
    URL http://fluent:8888/windows.eventlog
</Output>


<Route 1>
     Path eventlog => prep_for_http => out_eventlog
</Route>