github.com/observiq/carbon@v0.9.11-0.20200820160507-1b872e368a5e/docs/operators/windows_eventlog_input.md

## `windows_eventlog_input` operator

The `windows_eventlog_input` operator reads logs from the Windows Event Log API.

### Configuration Fields

| Field | Default | Description |
| --- | --- | --- |
| `id` | `windows_eventlog_input` | A unique identifier for the operator |
| `output` | Next in pipeline | The connected operator(s) that will receive all outbound entries |
| `channel` | required | The Windows event log channel to monitor |
| `max_reads` | 100 | The maximum number of records read into memory before a new batch is started |
| `start_at` | `end` | On first startup, where to begin reading logs from the API. Options are `beginning` or `end` |
| `poll_interval` | 1s | The interval at which the channel is checked for new log entries. The interval restarts after all new records have been read |
| `write_to` | $ | The record [field](/docs/types/field.md) written to when creating a new log entry |
| `labels` | {} | A map of `key: value` labels to add to the entry's labels |
| `resource` | {} | A map of `key: value` labels to add to the entry's resource |

Note that with the default `start_at: end`, events already present in the channel when the operator first starts are not read; set `start_at: beginning` if the existing history of the channel is needed.

### Example Configurations

#### Simple

Configuration:
```yaml
- type: windows_eventlog_input
  channel: application
```

Output entry sample:
```json
{
  "timestamp": "2020-04-30T12:10:17.656726-04:00",
  "severity": 30,
  "record": {
    "event_id": {
      "qualifiers": 0,
      "id": 1000
    },
    "provider": {
      "name": "provider name",
      "guid": "provider guid",
      "event_source": "event source"
    },
    "system_time": "2020-04-30T12:10:17.656726789Z",
    "computer": "example computer",
    "channel": "application",
    "record_id": 1,
    "level": "Information",
    "message": "example message",
    "task": "example task",
    "opcode": "example opcode",
    "keywords": ["example keyword"]
  }
}
```
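The following is an added example, not code from the carbon project: a small Go consumer for the output entry format shown above. It decodes a newline-delimited batch of entries into typed structs, then runs a simple detection over them, counting Security-channel event ID 4625 (a failed logon) per computer and flagging any host at or above a threshold. The batch of entries is constructed for this example and is not real data; the `ParseEntries`, `FailedLogonsByComputer` and `ComputersAtOrAbove` names are this example's own. Channel names are compared case-insensitively because the sample above shows `application` while Windows reports the channel as `Application`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
	"time"
)

// Entry mirrors one output entry of windows_eventlog_input:
// timestamp, severity and the record with the event fields.
type Entry struct {
	Timestamp time.Time `json:"timestamp"`
	Severity  int       `json:"severity"`
	Record    Record    `json:"record"`
}

type Record struct {
	EventID    EventID  `json:"event_id"`
	Provider   Provider `json:"provider"`
	SystemTime string   `json:"system_time"`
	Computer   string   `json:"computer"`
	Channel    string   `json:"channel"`
	RecordID   uint64   `json:"record_id"`
	Level      string   `json:"level"`
	Message    string   `json:"message"`
	Task       string   `json:"task"`
	Opcode     string   `json:"opcode"`
	Keywords   []string `json:"keywords"`
}

type EventID struct {
	Qualifiers int `json:"qualifiers"`
	ID         int `json:"id"`
}

type Provider struct {
	Name        string `json:"name"`
	GUID        string `json:"guid"`
	EventSource string `json:"event_source"`
}

// SampleEntries is a constructed newline-delimited JSON batch in the
// operator's output format (example data, not captured from a real host).
const SampleEntries = `{"timestamp":"2020-04-30T12:10:17.656726-04:00","severity":30,"record":{"event_id":{"qualifiers":0,"id":1000},"provider":{"name":"Application Error","guid":"","event_source":"Application Error"},"system_time":"2020-04-30T16:10:17.656726789Z","computer":"WS01","channel":"application","record_id":1,"level":"Error","message":"Faulting application name: example.exe","task":"Application Crashing Events","opcode":"Info","keywords":["Classic"]}}
{"timestamp":"2020-04-30T12:10:18.000000-04:00","severity":30,"record":{"event_id":{"qualifiers":0,"id":4625},"provider":{"name":"Microsoft-Windows-Security-Auditing","guid":"","event_source":""},"system_time":"2020-04-30T16:10:18.000000000Z","computer":"WS01","channel":"Security","record_id":2,"level":"Information","message":"An account failed to log on.","task":"Logon","opcode":"Info","keywords":["Audit Failure"]}}
{"timestamp":"2020-04-30T12:10:19.000000-04:00","severity":30,"record":{"event_id":{"qualifiers":0,"id":4625},"provider":{"name":"Microsoft-Windows-Security-Auditing","guid":"","event_source":""},"system_time":"2020-04-30T16:10:19.000000000Z","computer":"WS01","channel":"Security","record_id":3,"level":"Information","message":"An account failed to log on.","task":"Logon","opcode":"Info","keywords":["Audit Failure"]}}
{"timestamp":"2020-04-30T12:10:20.000000-04:00","severity":30,"record":{"event_id":{"qualifiers":0,"id":4624},"provider":{"name":"Microsoft-Windows-Security-Auditing","guid":"","event_source":""},"system_time":"2020-04-30T16:10:20.000000000Z","computer":"WS02","channel":"Security","record_id":4,"level":"Information","message":"An account was successfully logged on.","task":"Logon","opcode":"Info","keywords":["Audit Success"]}}
{"timestamp":"2020-04-30T12:10:21.000000-04:00","severity":30,"record":{"event_id":{"qualifiers":0,"id":4625},"provider":{"name":"Microsoft-Windows-Security-Auditing","guid":"","event_source":""},"system_time":"2020-04-30T16:10:21.000000000Z","computer":"WS02","channel":"Security","record_id":5,"level":"Information","message":"An account failed to log on.","task":"Logon","opcode":"Info","keywords":["Audit Failure"]}}
`

// ParseEntries decodes a stream of JSON entries, one per line, and
// fails on the first malformed entry rather than silently skipping it.
func ParseEntries(data []byte) ([]Entry, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	var entries []Entry
	for {
		var e Entry
		if err := dec.Decode(&e); err == io.EOF {
			return entries, nil
		} else if err != nil {
			return nil, fmt.Errorf("entry %d: %w", len(entries)+1, err)
		}
		entries = append(entries, e)
	}
}

// FailedLogonsByComputer counts Security-channel event ID 4625 entries
// per computer. The channel comparison is case-insensitive.
func FailedLogonsByComputer(entries []Entry) map[string]int {
	counts := make(map[string]int)
	for _, e := range entries {
		if strings.EqualFold(e.Record.Channel, "Security") && e.Record.EventID.ID == 4625 {
			counts[e.Record.Computer]++
		}
	}
	return counts
}

// ComputersAtOrAbove returns, sorted, the computers whose count reaches threshold.
func ComputersAtOrAbove(counts map[string]int, threshold int) []string {
	var flagged []string
	for computer, n := range counts {
		if n >= threshold {
			flagged = append(flagged, computer)
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	entries, err := ParseEntries([]byte(SampleEntries))
	if err != nil {
		panic(err)
	}
	counts := FailedLogonsByComputer(entries)
	fmt.Println("failed logons per computer:", counts)
	fmt.Println("flagged (>= 2):", ComputersAtOrAbove(counts, 2))
}
```

Running the block prints the per-computer counts from the constructed batch and flags `WS01`, which has two failed logons. In a real pipeline the entries would arrive from the operator's `output` rather than from an embedded string, and the event-ID check would be paired with the `channel: Security` configuration that produces those events.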