New component: Windows Event Log Receiver #9225
Comments
@armstrmi, I assume the telemetry type is Logs, not Metrics? This will be based on the log-collection library's windows event log operator, right? If so, the config appears to be slightly out of date. Assuming I'm right about the above, I'm happy to sponsor this. #2333 has been open for quite some time, but I think it's good to follow the new process anyways.
It would be perfect if in addition we can configure a remote host instead of localhost.
@djaglowski Yup, was meant to be Logs, my bad. And it is based on that log collection windows operator. Can update that config. @gillg I will get back to you on configuring a remote host.
Ideally, such a component will support both local and remote collection eventually, but either is valuable without the other. The hard part is done already for the local implementation, so it makes a lot of sense to expose it in a receiver. That said, if we are expecting to add remote collection at a later point, we should get a sense of the necessary configuration details. Would they be additive or conflicting? If conflicting, this could alter the config we present to users, so this is something we should establish sooner rather than later. I would like to sponsor this component, but we should answer the config question before merging the receiver.
@djaglowski The config question, I believe, has been resolved. I changed it; let me know what you think.
I am not sure what you are referring to as the resolution.
So in response to your question about whether or not configuring a remote collection would be additive or conflicting, it turns out it would be additive after looking at how fluentd and other log collection platforms accomplish this. Here you can see how they configure the "subscribe" section for collecting remote event logs. So because of what we found, I think it would be safe to move forward and we can add remote collection on at a later point.
Thanks for looking into it @armstrmi. I've investigated this myself a bit and have come to the same conclusion.
Closed by #9228
@armstrmi Hi, I want to know how to configure a remote host in Windows Event Log Receiver.
@gillg Hi, do you know how to configure a remote host in Windows Event Log Receiver?
The purpose and use-cases of the new component

The `windowseventlog` receiver reads logs from the Windows event log API.

Example configuration for the component

- `id`: `windows_eventlog_input`
- `output`
- `channel`
- `max_reads`
- `start_at`: `end` (`beginning` or `end`)
- `poll_interval`
- `attributes`: `key: value` pairs to add to the entry's attributes.
- `resource`: `key: value` pairs to add to the entry's resource.
- `operators`
- `converter`: `key: value` pairs to configure the [`entry.Entry`][entry_link] to [`pdata.LogRecord`][pdata_logrecord_link] converter, more info can be found [here][converter_link]

The following configuration settings are required:

- `channel`

The remaining configuration settings are optional.

Configuration:
Telemetry data types supported
Logs
Sponsor (Optional)
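
A collector configuration built from the fields listed in the issue body, as an added example that is not part of the original issue or the project's documentation. The receiver instance names, the `debug` exporter, and every value other than `start_at`'s two options are constructed for illustration.

```yaml
# Added example (not from the original issue). Values are constructed samples.
receivers:
  # One receiver instance per channel; "channel" is the only required setting.
  windowseventlog/security:
    channel: Security          # reading this channel requires the collector to
                               # run with rights to the Security log
    start_at: end              # only events written after startup
    max_reads: 100             # constructed sample value
    poll_interval: 1s          # constructed sample value
    attributes:
      log.source: windows_security      # constructed key/value, added to each entry
    resource:
      host.role: domain-controller      # constructed key/value, added to the resource

  windowseventlog/application:
    channel: Application
    start_at: beginning        # read existing events on first start

exporters:
  # Assumption: a console exporter is used here only to inspect the output.
  debug: {}

service:
  pipelines:
    # The receiver emits the Logs telemetry type only.
    logs:
      receivers: [windowseventlog/security, windowseventlog/application]
      exporters: [debug]
```

With `start_at: end` on the Security channel, events logged before the collector started are not collected, so a detection pipeline that needs backfill after a restart should account for that gap.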