-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[receiver/windowseventlog] Add Execution and Security information to parsed event log #27864
[receiver/windowseventlog] Add Execution and Security information to parsed event log #27864
Conversation
c2c989f
to
c72e2ed
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be good after double-checking the Execution
optional fields.
Co-authored-by: Paulo Janotti <pjanotti@splunk.com>
if len(details) > 0 { | ||
body["details"] = details | ||
} | ||
|
||
if e.Security != nil && e.Security.UserID != "" { | ||
body["security"] = map[string]any{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: other locations on this file use map[string]interface{}
@djaglowski what is the general preference on this type of nit issue? Consistency, brevity, latest language patterns? (I have my preferences, but, the biggest one is following the practices of the repo/package).
Anyway, this is not material no need to hold merge because of it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally I'd prefer to take steps towards latest language patterns but I don't feel strongly about it here.
@djaglowski I think this is good to be merged, could you PTAL? |
…parsed event log (open-telemetry#27864) **Description:** Adds parsing for Execution and Security sections of the event log, as defined in the schema here: https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-systempropertiestype-complextype **Link to tracking Issue:** open-telemetry#27810 **Testing:** * Added some unit tests * Tested on a windows machine to make sure it parsed correctly on a real system --------- Co-authored-by: Paulo Janotti <pjanotti@splunk.com>
…parsed event log (open-telemetry#27864) **Description:** Adds parsing for Execution and Security sections of the event log, as defined in the schema here: https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-systempropertiestype-complextype **Link to tracking Issue:** open-telemetry#27810 **Testing:** * Added some unit tests * Tested on a windows machine to make sure it parsed correctly on a real system --------- Co-authored-by: Paulo Janotti <pjanotti@splunk.com>
…parsed event log (open-telemetry#27864) **Description:** Adds parsing for Execution and Security sections of the event log, as defined in the schema here: https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-systempropertiestype-complextype **Link to tracking Issue:** open-telemetry#27810 **Testing:** * Added some unit tests * Tested on a windows machine to make sure it parsed correctly on a real system --------- Co-authored-by: Paulo Janotti <pjanotti@splunk.com>
Description:
Adds parsing for Execution and Security sections of the event log, as defined in the schema here: https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-systempropertiestype-complextype
Link to tracking Issue: #27810
Testing: