[pkg/stanza/operator/input/windows] [receiver/windowseventlogreceiver] add raw XML query support #39055
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OverOrion
force-pushed
the
feat/eventlog-query-main
branch
2 times, most recently
from
e5bd2d7 to
5133f5d
Compare
OverOrion
force-pushed
the
feat/eventlog-query-main
branch
from
5133f5d to
8c5d9a7
Compare
pjanotti
reviewed
Apr 3, 2025
There was a problem hiding this comment.
@OverOrion sorry for the delay - this is looking good! We will need a test before this can be approved and merged. It will be good to add some examples and links on the README.md - something like https://learn.microsoft.com/en-us/previous-versions/aa385231(v=vs.85)#xml-event-queries for instance.
OverOrion
force-pushed
the
feat/eventlog-query-main
branch
from
8c5d9a7 to
3c3c107
Compare
|
Hey @pjanotti I have extended the README with a sample configuration, let me know if that's what you had in your mind. |
Signed-off-by: Szilard Parrag <[email protected]>
OverOrion
force-pushed
the
feat/eventlog-query-main
branch
from
3c3c107 to
9c94980
Compare
|
Hi @OverOrion - I was in a short break last week, will take a look soon. |
pjanotti
reviewed
Apr 23, 2025
There was a problem hiding this comment.
@OverOrion - changes are looking good, the test that I was thinking about would be like the ones in receiver/windowseventlogreceiver/receiver_windows_test.go, but, using the Query on the config. Perhaps TestReadWindowsEventLogger
Signed-off-by: Szilard Parrag <[email protected]>
|
Added a similar test: > go test -count=1 . -v
=== RUN TestNewFactory
=== RUN TestNewFactory/NewFactoryCorrectType
--- PASS: TestNewFactory (0.00s)
--- PASS: TestNewFactory/NewFactoryCorrectType (0.00s)
=== RUN TestCreateDefaultConfig
--- PASS: TestCreateDefaultConfig (0.00s)
=== RUN TestCreateAndShutdown
--- PASS: TestCreateAndShutdown (0.00s)
=== RUN TestComponentFactoryType
--- PASS: TestComponentFactoryType (0.00s)
=== RUN TestComponentConfigStruct
--- PASS: TestComponentConfigStruct (0.00s)
=== RUN TestComponentLifecycle
=== RUN TestComponentLifecycle/logs-shutdown
=== RUN TestComponentLifecycle/logs-lifecycle
--- PASS: TestComponentLifecycle (0.00s)
--- PASS: TestComponentLifecycle/logs-shutdown (0.00s)
--- PASS: TestComponentLifecycle/logs-lifecycle (0.00s)
=== RUN TestDefaultConfig
--- PASS: TestDefaultConfig (0.00s)
=== RUN TestLoadConfig
--- PASS: TestLoadConfig (0.00s)
=== RUN TestCreateWithInvalidInputConfig
--- PASS: TestCreateWithInvalidInputConfig (0.00s)
=== RUN TestReadWindowsEventLogger
--- PASS: TestReadWindowsEventLogger (4.51s)
=== RUN TestReadWindowsEventLoggerWithQuery
--- PASS: TestReadWindowsEventLoggerWithQuery (4.51s)
=== RUN TestReadWindowsEventLoggerRaw
--- PASS: TestReadWindowsEventLoggerRaw (4.55s)
=== RUN TestExcludeProvider
=== RUN TestExcludeProvider/with_EventXML
=== RUN TestExcludeProvider/with_Raw
--- PASS: TestExcludeProvider (9.09s)
--- PASS: TestExcludeProvider/with_EventXML (4.28s)
--- PASS: TestExcludeProvider/with_Raw (4.26s)
PASS
ok github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver 22.719s |
Signed-off-by: Szilard Parrag <[email protected]>
pjanotti
approved these changes
Apr 28, 2025
There was a problem hiding this comment.
Thanks @OverOrion!
CI failure is unrelated, tracking via #39691
dmitryax
approved these changes
Apr 28, 2025
djaglowski
approved these changes
Apr 28, 2025
vincentfree
pushed a commit
to ing-bank/opentelemetry-collector-contrib
that referenced
this pull request
May 6, 2025
…] add raw XML query support (open-telemetry#39055) Example usage ```yaml receivers: windowseventlog/query: raw: true query: | <QueryList> <Query Id="0"> <Select Path="Application">*[System[Provider[@name='foo']]]</Select> <Select Path="Application">*[System[Provider[@name='bar']]]</Select> </Query> </QueryList> exporters: debug: verbosity: detailed service: pipelines: logs/query: receivers: [windowseventlog/query] exporters: [debug] ``` I tested it using `eventcreate`: ```powershell eventcreate /t ERROR /id 100 /l application /d "Create event in application log" /so foo ``` --------- Signed-off-by: Szilard Parrag <[email protected]>
vincentfree
pushed a commit
to ing-bank/opentelemetry-collector-contrib
that referenced
this pull request
May 20, 2025
…] add raw XML query support (open-telemetry#39055) Example usage ```yaml receivers: windowseventlog/query: raw: true query: | <QueryList> <Query Id="0"> <Select Path="Application">*[System[Provider[@name='foo']]]</Select> <Select Path="Application">*[System[Provider[@name='bar']]]</Select> </Query> </QueryList> exporters: debug: verbosity: detailed service: pipelines: logs/query: receivers: [windowseventlog/query] exporters: [debug] ``` I tested it using `eventcreate`: ```powershell eventcreate /t ERROR /id 100 /l application /d "Create event in application log" /so foo ``` --------- Signed-off-by: Szilard Parrag <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Example usage
I tested it using
eventcreate: