Skip to content

in_winevtlog: Handle Daylight saving time by using newer functions#10628

Merged
edsiper merged 3 commits intomasterfrom
cosmo0920-handle-dst-in_winevtlog-plugin
Jul 31, 2025
Merged

in_winevtlog: Handle Daylight saving time by using newer functions#10628
edsiper merged 3 commits intomasterfrom
cosmo0920-handle-dst-in_winevtlog-plugin

Conversation

@cosmo0920
Copy link
Contributor

@cosmo0920 cosmo0920 commented Jul 22, 2025
edited
Loading

  • SystemTimeToTzSpecificLocalTimeEx
  • GetDynamicTimeZoneInformation

are able to handle Daylight Saving Time(DST).

FileTimeToLocalFileTime and SystemTimeToTzSpecificLocalTimeEx
automatically convert between ST and DST.
These functions are working well for DST conversions.

Then, we got:

image 
[663] winevtlog.0: [[1753251022.125331400, {}], {"ProviderName"=>"Microsoft-Windows-RestartManager", "ProviderGuid"=>"{0888E5EF-9B98-4695-979D-E92CE4247224}", "Qualifiers"=>"", "EventID"=>10001, "Version"=>0, "Level"=>4, "Task"=>0, "Opcode"=>0, "Keywords"=>"0x8000000000000000", "TimeCreated"=>"2025-05-10 05:13:42 -0700", "EventRecordID"=>3959, "ActivityID"=>"", "RelatedActivityID"=>"", "ProcessID"=>34096, "ThreadID"=>61344, "Channel"=>"Application", "Computer"=>"hiro-area51-14", "UserID"=>"NT AUTHORITY\SYSTEM", "Message"=>"Ending session 0 started ΓÇÄ2025ΓÇÄ-ΓÇÄ05ΓÇÄ-ΓÇÄ10T12:13:42.448394200Z.", "StringInserts"=>[0, "2025-05-10 05:13:42 -0700"]}]
[664] winevtlog.0: [[1753251022.125822100, {}], {"ProviderName"=>"Microsoft-Windows-RestartManager", "ProviderGuid"=>"{0888E5EF-9B98-4695-979D-E92CE4247224}", "Qualifiers"=>"", "EventID"=>10000, "Version"=>0, "Level"=>4, "Task"=>0, "Opcode"=>0, "Keywords"=>"0x8000000000000000", "TimeCreated"=>"2025-05-10 05:13:42 -0700", "EventRecordID"=>3960, "ActivityID"=>"", "RelatedActivityID"=>"", "ProcessID"=>34096, "ThreadID"=>61344, "Channel"=>"Application", "Computer"=>"hiro-area51-14", "UserID"=>"NT AUTHORITY\SYSTEM", "Message"=>"Starting session 0 - ΓÇÄ2025ΓÇÄ-ΓÇÄ05ΓÇÄ-ΓÇÄ10T12:13:42.785623300Z.", "StringInserts"=>[0, "2025-05-10 05:13:42 -0700"]}]

PST is now under Daylight Saving Time(DST).
So, it's correct behavior for the DST implemented timezone.

This was originally reported in #8386.

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change

It's easily testing with the basic winevtlog plugin's parameters.

PS> bin/fluent-bit -i winevtlog -p read_existing_events=On -o stdout
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@cosmo0920
in_winevtlog: Handle Daylight saving time by using newer functions
dac75e1 
* SystemTimeToTzSpecificLocalTimeEx
* GetDynamicTimeZoneInformation

are able to handle Daylight Saving Time(DST).

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
@cosmo0920
in_winevtlog: Use -1 at the last argument for auto-detection of DST
191da98 
FileTimeToLocalFileTime and SystemTimeToTzSpecificLocalTimeEx
automatically convert between ST and DST.
These functions are working well for DST conversions.

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
@cosmo0920 cosmo0920 mentioned this pull request Jul 22, 2025
Closed
1 task
@cosmo0920
in_winevtlog: Initialize TZInfo correctly
f180d08 
Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
@cosmo0920 cosmo0920 added this to the Fluent Bit v4.1 milestone Jul 23, 2025
@cosmo0920 cosmo0920 added the ok-package-test Run PR packaging tests label Jul 23, 2025
@edsiper edsiper merged commit 2b9741c into master Jul 31, 2025
223 of 227 checks passed
@edsiper edsiper deleted the cosmo0920-handle-dst-in_winevtlog-plugin branch July 31, 2025 02:23
@cosmo0920 cosmo0920 mentioned this pull request Jul 31, 2025
Merged
7 tasks
@franciscovalentecastro franciscovalentecastro mentioned this pull request Sep 24, 2025
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@leonardo-albertovich leonardo-albertovich Awaiting requested review from leonardo-albertovich

@fujimotos fujimotos Awaiting requested review from fujimotos

@koleini koleini Awaiting requested review from koleini

Assignees

No one assigned

Labels

backport to v4.0.x docs-required ok-package-test Run PR packaging tests

Projects

None yet

Milestone

Fluent Bit v4.1

Development

Successfully merging this pull request may close these issues.

2 participants

@cosmo0920 @edsiper

Comments