Fix loop while reading from standalone evtx (#30006)

- Fix loop while reading from standalone evtx file
- Moved stop variable and check to outer loop

Co-authored-by: Taylor Swanson <[email protected]>
(cherry picked from commit 3c6724a)

CHANGELOG.next.asciidoc

@@ -25,6 +25,14 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 *Winlogbeat*
 
+- Add support to Sysmon file delete events (event ID 23). {issue}18094[18094]
+- Improve ECS field mappings in Sysmon module. `related.hash`, `related.ip`, and `related.user` are now populated. {issue}18364[18364]
+- Improve ECS field mappings in Sysmon module. Hashes are now also populated to the corresponding `process.hash`, `process.pe.imphash`, `file.hash`, or `file.pe.imphash`. {issue}18364[18364]
+- Improve ECS field mappings in Sysmon module. `file.name`, `file.directory`, and `file.extension` are now populated. {issue}18364[18364]
+- Improve ECS field mappings in Sysmon module. `rule.name` is populated for all events when present. {issue}18364[18364]
+- Remove top level `hash` property from sysmon events {pull}20653[20653]
+- Move module processing from local Javascript processor to ingest node {issue}29184[29184] {pull}29435[29435]
+- Fix run loop when reading from evtx file {pull}30006[30006]
 
 *Functionbeat*
 

winlogbeat/beater/eventlogger.go

@@ -130,7 +130,7 @@ func (e *eventLogger) run(
 	}()
 
 runLoop:
-	for {
+	for stop := false; !stop; {
 		err = api.Open(state)
 		if eventlog.IsRecoverable(err) {
 			e.log.Warnw("Open() encountered recoverable error. Trying again...", "error", err)
@@ -142,7 +142,7 @@ runLoop:
 		}
 		e.log.Debug("Opened successfully.")
 
-		for stop := false; !stop; {
+		for !stop {
 			select {
 			case <-done:
 				return
@@ -171,6 +171,9 @@ runLoop:
 			e.log.Debugf("Read() returned %d records.", len(records))
 			if len(records) == 0 {
 				time.Sleep(time.Second)
+				if stop {
+					return
+				}
 				continue
 			}