diff --git a/plugins/k8saudit-aks/go.mod b/plugins/k8saudit-aks/go.mod
index 62ca0548..f7f735e0 100644
--- a/plugins/k8saudit-aks/go.mod
+++ b/plugins/k8saudit-aks/go.mod
@@ -9,6 +9,7 @@ require (
 github.com/falcosecurity/plugins/plugins/k8saudit v0.17.0
 github.com/falcosecurity/plugins/shared/go/azure/eventhub v0.0.0-20250617140945-5d23e77c8bbd
 github.com/invopop/jsonschema v0.14.0
+ github.com/valyala/fastjson v1.6.4
 golang.org/x/time v0.15.0
 )
@@ -22,7 +23,6 @@ require (
 github.com/fsnotify/fsnotify v1.9.0 // indirect
 github.com/iancoleman/orderedmap v0.3.0 // indirect
 github.com/pb33f/ordered-map/v2 v2.3.1 // indirect
- github.com/valyala/fastjson v1.6.4 // indirect
 go.yaml.in/yaml/v4 v4.0.0-rc.2 // indirect
 golang.org/x/net v0.47.0 // indirect
 golang.org/x/sys v0.38.0 // indirect
diff --git a/plugins/k8saudit-aks/go.sum b/plugins/k8saudit-aks/go.sum
index 0032a271..6f8175bf 100644
--- a/plugins/k8saudit-aks/go.sum
+++ b/plugins/k8saudit-aks/go.sum
@@ -29,8 +29,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/falcosecurity/plugin-sdk-go v0.8.3 h1:KsX7qt83dzC57qcNpZKaBrCjTXqpXgvxDcEXs6Z5sHI=
 github.com/falcosecurity/plugin-sdk-go v0.8.3/go.mod h1:gEgxjvuopv5VF4wc8s0EHnmT9qrIKBtcJVBnRlEPU1A=
-github.com/falcosecurity/plugins/plugins/k8saudit v0.16.1 h1:K7D2dOkSB0Sg0grN7Nt++15MoKzRdMSO8dzq7OdEgXo=
-github.com/falcosecurity/plugins/plugins/k8saudit v0.16.1/go.mod h1:aXuvIMirc59LeXnh1m7MJbWpmUUE+r19FUjkYTPhHA0=
 github.com/falcosecurity/plugins/plugins/k8saudit v0.17.0 h1:YmIgYN7USDi8OWcjSdegW/aJbdJ9ODMhAPWJduRfyVA=
 github.com/falcosecurity/plugins/plugins/k8saudit v0.17.0/go.mod h1:0IV2vwoFgbM6e5P7rG9E9WQPAvMJDm6sj2OVdifbQKo=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
diff --git a/plugins/k8saudit-aks/pkg/k8sauditaks/k8sauditaks.go b/plugins/k8saudit-aks/pkg/k8sauditaks/k8sauditaks.go
index 932701e6..2dc361f1 100644
--- a/plugins/k8saudit-aks/pkg/k8sauditaks/k8sauditaks.go
+++ b/plugins/k8saudit-aks/pkg/k8sauditaks/k8sauditaks.go
@@ -34,6 +34,7 @@ import (
 "github.com/falcosecurity/plugins/plugins/k8saudit/pkg/k8saudit"
 falcoeventhub "github.com/falcosecurity/plugins/shared/go/azure/eventhub"
 "github.com/invopop/jsonschema"
+ "github.com/valyala/fastjson"
 "golang.org/x/time/rate"
 )
@@ -197,7 +198,16 @@ func (p *Plugin) Open(_ string) (source.Instance, error) {
 if !ok {
 return
 }
- values, err := p.Plugin.ParseAuditEventsPayload([]byte(i.Properties.Log))
+ // AKS diagnostic settings can route categories other than
+ // `kube-audit` to the same EventHub (kube-apiserver, kube-controller-manager,
+ // cluster-autoscaler, etc.). Those records carry klog text in
+ // properties.log instead of a JSON audit event. Pre-validate so
+ // the parser does not spam "cannot parse JSON" errors. See issue #1145.
+ logBytes := []byte(i.Properties.Log)
+ if fastjson.ValidateBytes(logBytes) != nil {
+ continue
+ }
+ values, err := p.Plugin.ParseAuditEventsPayload(logBytes)
 if err != nil {
 p.Logger.Println(err)
 continue
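Review bot: The new `continue` after `fastjson.ValidateBytes(logBytes) != nil` discards every record whose `properties.log` is not valid JSON without leaving any trace, and that also covers a truncated or corrupted `kube-audit` record, which before this change at least reached `p.Logger.Println(err)`. For an audit source that is a silent detection gap, so the skip should stay observable, for example by counting skipped records (a hypothetical `skipped++` before the `continue`) and logging the total at a low rate rather than per record. If the decoded record exposes its diagnostic category (not visible in this hunk), skipping on category instead of on JSON validity would keep malformed audit events reported while still ignoring klog text. The accepted path now parses the payload twice, once to validate and once in `ParseAuditEventsPayload`, which is worth stating in the comment; the loop inside `Open` starts and ends outside the hunk.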