Add an "exclude_event_message" argument to loki.source.windowsevent (#…

…5634) * Add an "exclude_event_message" argument to loki.source.windowsevent * Add a note with exact commit hash of Loki. --------- Co-authored-by: Paschalis Tsilias <[email protected]>
grafana · Oct 31, 2023 · 8f94497 · 8f94497
1 parent c03bd07
commit 8f94497
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -98,6 +98,8 @@ Main (unreleased)
 - Added an `add_metric_suffixes` option to `otelcol.exporter.prometheus` in flow mode,
   which configures whether to add type and unit suffixes to metrics names. (@mar4uk)
 
+- Added an `exclude_event_message` option to `loki.source.windowsevent` in flow mode,
+  which excludes the human-friendly event message from Windows event logs. (@ptodev)
 - Improve detection of rolled log files in `loki.source.kubernetes` and
   `loki.source.podlogs` (@slim-bean).
 

diff --git a/component/loki/source/windowsevent/arguments.go b/component/loki/source/windowsevent/arguments.go
@@ -1,5 +1,9 @@
 package windowsevent
 
+// NOTE: The arguments here are based on commit bde6566
+// of Promtail's arguments in Loki's repository:
+// https://github.com/grafana/loki/blob/bde65667f7c88af17b7729e3621d7bd5d1d3b45f/clients/pkg/promtail/scrapeconfig/scrapeconfig.go#L211-L255
+
 import (
 	"time"
 
@@ -16,6 +20,7 @@ type Arguments struct {
 	PollInterval         time.Duration       `river:"poll_interval,attr,optional"`
 	ExcludeEventData     bool                `river:"exclude_event_data,attr,optional"`
 	ExcludeUserdata      bool                `river:"exclude_user_data,attr,optional"`
+	ExcludeEventMessage  bool                `river:"exclude_event_message,attr,optional"`
 	UseIncomingTimestamp bool                `river:"use_incoming_timestamp,attr,optional"`
 	ForwardTo            []loki.LogsReceiver `river:"forward_to,attr"`
 	Labels               map[string]string   `river:"labels,attr,optional"`
@@ -30,6 +35,7 @@ func defaultArgs() Arguments {
 		PollInterval:         3 * time.Second,
 		ExcludeEventData:     false,
 		ExcludeUserdata:      false,
+		ExcludeEventMessage:  false,
 		UseIncomingTimestamp: false,
 	}
 }

diff --git a/component/loki/source/windowsevent/component_test.go b/component/loki/source/windowsevent/component_test.go
@@ -42,6 +42,7 @@ func TestEventLogger(t *testing.T) {
 		PollInterval:         10 * time.Millisecond,
 		ExcludeEventData:     false,
 		ExcludeUserdata:      false,
+		ExcludeEventMessage:  false,
 		UseIncomingTimestamp: false,
 		ForwardTo:            []loki.LogsReceiver{rec},
 		Labels:               map[string]string{"job": "windows"},

diff --git a/component/loki/source/windowsevent/component_windows.go b/component/loki/source/windowsevent/component_windows.go
@@ -150,7 +150,7 @@ func convertConfig(arg Arguments) *scrapeconfig.WindowsEventsTargetConfig {
 		BookmarkPath:         arg.BookmarkPath,
 		PollInterval:         arg.PollInterval,
 		ExcludeEventData:     arg.ExcludeEventData,
-		ExcludeEventMessage:  false,
+		ExcludeEventMessage:  arg.ExcludeEventMessage,
 		ExcludeUserData:      arg.ExcludeUserdata,
 		Labels:               utils.ToLabelSet(arg.Labels),
 	}

diff --git a/converter/internal/promtailconvert/internal/build/windows_events.go b/converter/internal/promtailconvert/internal/build/windows_events.go
@@ -19,6 +19,7 @@ func (s *ScrapeConfigBuilder) AppendWindowsEventsConfig() {
 		PollInterval:         winCfg.PollInterval,
 		ExcludeEventData:     winCfg.ExcludeEventData,
 		ExcludeUserdata:      winCfg.ExcludeUserData,
+		ExcludeEventMessage:  winCfg.ExcludeEventMessage,
 		UseIncomingTimestamp: winCfg.UseIncomingTimestamp,
 		ForwardTo:            make([]loki.LogsReceiver, 0),
 		Labels:               convertPromLabels(winCfg.Labels),

diff --git a/converter/internal/promtailconvert/testdata/windowsevents.river b/converter/internal/promtailconvert/testdata/windowsevents.river
@@ -6,6 +6,7 @@ loki.source.windowsevent "fun" {
 	poll_interval          = "10s"
 	exclude_event_data     = true
 	exclude_user_data      = true
+	exclude_event_message  = true
 	use_incoming_timestamp = true
 	forward_to             = [loki.write.default.receiver]
 	labels                 = {

diff --git a/converter/internal/promtailconvert/testdata/windowsevents_relabel.river b/converter/internal/promtailconvert/testdata/windowsevents_relabel.river
@@ -16,6 +16,7 @@ loki.source.windowsevent "fun" {
 	poll_interval          = "10s"
 	exclude_event_data     = true
 	exclude_user_data      = true
+	exclude_event_message  = true
 	use_incoming_timestamp = true
 	forward_to             = [loki.relabel.fun.receiver]
 	labels                 = {}

diff --git a/docs/sources/flow/reference/components/loki.source.windowsevent.md b/docs/sources/flow/reference/components/loki.source.windowsevent.md
@@ -31,18 +31,19 @@ log entries to the list of receivers passed in `forward_to`.
 
 `loki.source.windowsevent` supports the following arguments:
 
-Name         | Type                 | Description                                                                    | Default                    | Required
------------- |----------------------|--------------------------------------------------------------------------------|----------------------------| --------
-`locale`    | `number`             | Locale ID for event rendering. 0 default is Windows Locale.                    | `0` | no
-`eventlog_name`    | `string`             | Event log to read from.                                                        |                            | See below.
-`xpath_query`    | `string`             | Event log to read from.                                                        | `"*"`                          | See below.
-`bookmark_path`    | `string`             | Keeps position in event log.                                            | `"DATA_PATH/bookmark.xml"`     | no
-`poll_interval`    | `duration`      | How often to poll the event log.                                               | `"3s"`                         | no
-`exclude_event_data`    | `bool`               | Exclude event data.                                                            | `false`                      | no
-`exclude_user_data`    | `bool`               | Exclude user data.                                                             | `false`                      | no
-`use_incoming_timestamp`    | `bool`               | When false, assigns the current timestamp to the log when it was processed. | `false`                      | no
-`forward_to` | `list(LogsReceiver)` | List of receivers to send log entries to.                                      |                            | yes
-`labels`     | `map(string)` | The labels to associate with incoming logs.                                           |                            | no 
+Name                     | Type                 | Description                                                                    | Default                    | Required
+------------------------ |----------------------|--------------------------------------------------------------------------------|----------------------------| --------
+`locale`                 | `number`             | Locale ID for event rendering. 0 default is Windows Locale.                    | `0`                        | no
+`eventlog_name`          | `string`             | Event log to read from.                                                        |                            | See below.
+`xpath_query`            | `string`             | Event log to read from.                                                        | `"*"`                      | See below.
+`bookmark_path`          | `string`             | Keeps position in event log.                                                   | `"DATA_PATH/bookmark.xml"` | no
+`poll_interval`          | `duration`           | How often to poll the event log.                                               | `"3s"`                     | no
+`exclude_event_data`     | `bool`               | Exclude event data.                                                            | `false`                    | no
+`exclude_user_data`      | `bool`               | Exclude user data.                                                             | `false`                    | no
+`exclude_event_message`  | `bool`               | Exclude the human-friendly event message.                                      | `false`                    | no
+`use_incoming_timestamp` | `bool`               | When false, assigns the current timestamp to the log when it was processed.    | `false`                    | no
+`forward_to`             | `list(LogsReceiver)` | List of receivers to send log entries to.                                      |                            | yes
+`labels`                 | `map(string)`        | The labels to associate with incoming logs.                                    |                            | no 
 
 
 > **NOTE**: `eventlog_name` is required if `xpath_query` does not specify the event log.