feedback

pkg/stanza/docs/operators/windows_eventlog_input.md

@@ -12,8 +12,8 @@ The `windows_eventlog_input` operator reads logs from the windows event log API.
 | `max_reads`     | 100                      | The maximum number of bodies read into memory, before beginning a new batch. |
 | `start_at`      | `end`                    | On first startup, where to start reading logs from the API. Options are `beginning` or `end`. |
 | `poll_interval` | 1s                       | The interval at which the channel is checked for new log entries. This check begins again after all new bodies have been read. |
-| `raw` | false | If false, the body of emitted log records will contain a structured representation of the event. Otherwise, the body will be the original xml string. |
-| `suppress_rendering_info` | false | If false, additional syscalls may be made to retrieve detailed information about the event. Otherwise, some unresolved values may be present in the event. |
+| `raw` | false | If false, the body of emitted log records will contain a structured representation of the event. Otherwise, the body will be the original XML string. |
+| `suppress_rendering_info` | false | If false, [additional syscalls](https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtformatmessage#remarks) may be made to retrieve detailed information about the event. Otherwise, some unresolved values may be present in the event. |
 | `attributes`    | {}                       | A map of `key: value` pairs to add to the entry's attributes. |
 | `resource`      | {}                       | A map of `key: value` pairs to add to the entry's resource. |
 

pkg/stanza/operator/input/windows/input.go

@@ -233,29 +233,25 @@ func (i *Input) read(ctx context.Context) int {
 
 // processEvent will process and send an event retrieved from windows event log.
 func (i *Input) processEvent(ctx context.Context, event Event) {
+	providerName, err := event.GetPublisherName(i.buffer)
+	if err != nil {
+		i.Logger().Error("Failed to get provider name", zap.Error(err))
+		return
+	}
+	if _, exclude := i.excludeProviders[providerName]; exclude {
+		return
+	}
+
 	if i.supressRenderingInfo {
 		simpleEvent, err := event.RenderSimple(i.buffer)
 		if err != nil {
 			i.Logger().Error("Failed to render simple event", zap.Error(err))
 			return
 		}
-
-		if _, exclude := i.excludeProviders[simpleEvent.Provider.Name]; exclude {
-			return
-		}
 		i.sendEvent(ctx, simpleEvent)
 		return
 	}
 
-	providerName, err := event.GetPublisherName(i.buffer)
-	if err != nil {
-		i.Logger().Error("Failed to get provider name", zap.Error(err))
-		return
-	}
-	if _, exclude := i.excludeProviders[providerName]; exclude {
-		return
-	}
-
 	publisher, openPublisherErr := i.publisherCache.get(providerName)
 	if openPublisherErr != nil {
 		// Do not return. Log error here and try to send as simple event later.
@@ -284,7 +280,6 @@ func (i *Input) processEvent(ctx context.Context, event Event) {
 
 // sendEvent will send EventXML as an entry to the operator's output.
 func (i *Input) sendEvent(ctx context.Context, eventXML *EventXML) {
-	// body := eventXML.parseBody()
 	var body any = eventXML.Original
 	if !i.raw {
 		body = formattedBody(eventXML)

receiver/windowseventlogreceiver/README.md

@@ -26,8 +26,8 @@ Tails and parses logs from windows event log API using the [opentelemetry-log-co
 | `attributes`                        | {}           | A map of `key: value` pairs to add to the entry's attributes.                                                                                                                                                                                  |
 | `resource`                          | {}           | A map of `key: value` pairs to add to the entry's resource.                                                                                                                                                                                    |
 | `operators`                         | []           | An array of [operators](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/operators/README.md#what-operators-are-available). See below for more details                                                            |
-| `raw` | false | If false, the body of emitted log records will contain a structured representation of the event. Otherwise, the body will be the original xml string. |
-| `suppress_rendering_info` | false | If false, additional syscalls may be made to retrieve detailed information about the event. Otherwise, some unresolved values may be present in the event. |
+| `raw` | false | If false, the body of emitted log records will contain a structured representation of the event. Otherwise, the body will be the original XML string. |
+| `suppress_rendering_info` | false | If false, [additional syscalls](https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtformatmessage#remarks) may be made to retrieve detailed information about the event. Otherwise, some unresolved values may be present in the event. |
 | `exclude_providers`                 | []           | One or more event log providers to exclude from processing.                                                                                                                                                                                    |
 | `storage`                           | none         | The ID of a storage extension to be used to store bookmarks. Bookmarks allow the receiver to pick up where it left off in the case of a collector restart. If no storage extension is used, the receiver will manage bookmarks in memory only. |
 | `retry_on_failure.enabled`          | `false`      | If `true`, the receiver will pause reading a file and attempt to resend the current batch of logs if it encounters an error from downstream components.                                                                                        |