Windows Event Log
Overview
Windows Event Log reads events from Windows Event Log channels.
Supported platforms
- Windows:
Logs
Event Channels
| Parameter | Type | Default Value | Required | Description |
|---|---|---|---|---|
| security | boolean | false | No | Enable reading from the Security event channel. |
| system | boolean | false | No | Enable reading from the System event channel. |
| application | boolean | false | No | Enable reading from the Application event channel. |
| custom_channels | array | [] | No | List of custom event channel names to read from. |
Basic Configuration
| Parameter | Type | Default Value | Required | Description |
|---|---|---|---|---|
| max_reads | integer | 100 | No | The maximum number of messages to read from the channel. |
| start_at | string | end | No | Specify whether to start reading from the beginning or end of the channel. |
| poll_interval | string | 1s | No | The time interval between polling attempts. |
| query | string | none | No | A custom query to filter or retrieve data. |
Attributes & Resources
| Parameter | Type | Default Value | Required | Description |
|---|---|---|---|---|
| attributes | object | {} | No | A collection of key-value pair attributes for the channel. |
| resource | object | {} | No | Defines the resource as key-value pairs. |
Advanced Settings
| Parameter | Type | Default Value | Required | Description |
|---|---|---|---|---|
| raw | boolean | false | No | When enabled, reads the raw data without any parsing. |
| suppress_rendering_info | boolean | false | No | Disables the display of rendering information in the output. |
| exclude_providers | array | [] | No | A list of providers to exclude from the data source. |
| storage | string | none | No | The storage method to use for the data. |
Retry Settings
If retry on failure is enabled:
| Parameter | Type | Default Value | Required | Description |
|---|---|---|---|---|
| enabled | boolean | false | Conditional | Activates the retry mechanism on a failed read. |
| initial_interval | string | 1s | Conditional | The first delay before retrying. |
| max_interval | string | 30s | Conditional | The maximum delay between retries. |
| max_elapsed_time | string | 5m | Conditional | The total time to keep retrying. |
Remote Connection Settings
| Parameter | Type | Default Value | Required | Description |
|---|---|---|---|---|
| server | string | none | Conditional | The address of the remote server. |
| username | string | none | Conditional | The username for the remote server. |
| password | string | none | Conditional | The password for the remote server. |
| domain | string | none | Conditional | The domain for the remote connection. |
Example Configuration
{
"security": false, // default: false
"system": true,
"application": true,
"custom_channels": [], // default: []
"max_reads": 100, // default: 100
"start_at": "end", // default: "end"
"poll_interval": "1s", // default: "1s"
"raw": false, // default: false
"query": "",
"retry_on_failure": {
"enabled": false, // default: false
},
"remote": {
"server": "",
},
}