You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pipeline/inputs/windows-event-log-winevtlog.md
+7Lines changed: 7 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,6 +16,7 @@ The plugin supports the following configuration parameters:
16
16
| String\_Inserts | Whether to include StringInserts in output records. \(optional\)| True |
17
17
| Render\_Event\_As\_XML | Whether to render system part of event as XML string or not. \(optional\)| False |
18
18
| Use\_ANSI | Use ANSI encoding on eventlog messages. If you have issues receiving blank strings with old Windows versions (Server 2012 R2), setting this to True may solve the problem. \(optional\)| False |
19
+
| Event\_Query | Specify XML query for filtering events. |`*`|
19
20
20
21
Note that if you do not set _db_, the plugin will tail channels on each startup.
21
22
@@ -39,6 +40,12 @@ Here is a minimum configuration example.
39
40
40
41
Note that some Windows Event Log channels \(like `Security`\) requires an admin privilege for reading. In this case, you need to run fluent-bit as an administrator.
41
42
43
+
#### Query Languages for Event_Query Parameter
44
+
45
+
The `Event_Query` parameter can be used to specify the XML query for filtering Windows EventLog during collection.
46
+
The supported query types are [XPath](https://developer.mozilla.org/en-US/docs/Web/XPath) and XML Query.
47
+
For further details, please refer to [the MSDN doc](https://learn.microsoft.com/en-us/windows/win32/wes/consuming-events).
48
+
42
49
### Command Line
43
50
44
51
If you want to do a quick test, you can run this plugin from the command line.
0 commit comments