New component: Windows Event Log Receiver #9225
Comments
|
@armstrmi, I assume the telemetry type is Logs, not Metrics? This will be based on the log-collection library's windows event log operator, right? If so, the config appears to be slightly out of date. Assuming I'm right about the above, I'm happy to sponsor this. #2333 has been open for quite some time, but I think it's good to follow the new process anyways. |
|
It would be perfect if in addition we can configure a remote host instead of localhost. |
|
@djaglowski Yup, was meant to be Logs, my bad. And it is based on that log collection windows operator. Can update that config, @gillg I will get back to you on configuring a remote host |
|
Ideally, such a component will support both local and remote collection eventually, but either is valuable without the other. The hard part is done already for the local implementation, so it makes a lot of sense to expose it in a receiver. That said, if we are expecting to add remote collection at a later point, we should get a sense of the necessary configuration details. Would they be additive or conflicting? If conflicting this could alter the config we present to users, so this is something we should establish sooner rather than later. I would like to sponsor this component, but we should answer the config question before merging the receiver. |
|
@djaglowski config question I believe has been resolved, changed it let me know what you think |
I am not sure what you are referring to as the resolution. |
So in response to your question about whether or not configuring a remote collection would be additive or conflicting, turns out it would be additive after looking at how fluentd and other log collection platforms accomplish this. Here you can see how they config the "subscribe" section for collecting remote event logs. So because of what we found, I think it would be safe to move forward and we can add remote collection on at a later point. |
|
Thanks for looking into it @armstrmi. I've investigated this myself a bit and have come to the same conclusion. |
djaglowski
added
Accepted Component
|
Closed by #9228 |
|
@armstrmi Hi, I want to know to configuring a remote host in Windows Event Log Receiver. |
|
@gillg Hi, Do you know how to configure a remote host in Windows Event Log Receiver? |
The purpose and use-cases of the new component
The
windowseventlogreceiver reads logs from the windows event log API.Example configuration for the component
idwindows_eventlog_inputoutputchannelmax_readsstart_atendbeginningorendpoll_intervalattributeskey: valuepairs to add to the entry's attributes.resourcekey: valuepairs to add to the entry's resource.operatorsconverter{max_flush_count: 100,
flush_interval: 100ms,
worker_count: max(1,runtime.NumCPU()/4)
}
key: valuepairs to configure the [entry.Entry][entry_link] to [pdata.LogRecord][pdata_logrecord_link] converter, more info can be found [here][converter_link]The following configuration settings are required:
channelThe remaining configuration settings are optional
Configuration:
Telemetry data types supported
Logs
Sponsor (Optional)
The text was updated successfully, but these errors were encountered: