diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 24f24047a3d..a950d3c8504 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -123,6 +123,7 @@ https://github.com/elastic/beats/compare/v6.0.0-beta2...master[Check the HEAD di - Fix the registry file. It was not correctly storing event log names, and upon restart it would begin reading at the start of each event log. {issue}5813[5813] +- Fix config validation to allow `event_logs.processors`. [pull]6217[6217] ==== Added diff --git a/winlogbeat/eventlog/factory.go b/winlogbeat/eventlog/factory.go index 35b1faf8fee..a88a729cbef 100644 --- a/winlogbeat/eventlog/factory.go +++ b/winlogbeat/eventlog/factory.go @@ -10,7 +10,8 @@ import ( "github.com/elastic/beats/libbeat/common" ) -var commonConfigKeys = []string{"api", "name", "fields", "fields_under_root", "tags"} +var commonConfigKeys = []string{"api", "name", "fields", "fields_under_root", + "tags", "processors"} // ConfigCommon is the common configuration data used to instantiate a new // EventLog. Each implementation is free to support additional configuration diff --git a/winlogbeat/tests/system/config/winlogbeat.yml.j2 b/winlogbeat/tests/system/config/winlogbeat.yml.j2 index 8ca238a13ba..77bb1475eda 100644 --- a/winlogbeat/tests/system/config/winlogbeat.yml.j2 +++ b/winlogbeat/tests/system/config/winlogbeat.yml.j2 @@ -44,6 +44,11 @@ winlogbeat.event_logs: {%- if log.invalid is defined %} invalid: {{ log.invalid }} {% endif %} + {% if log.extras -%} + {% for k, v in log.extras.items() -%} + {{ k }}: {{ v }} + {% endfor %} + {% endif -%} {% endfor -%} {% endif %} diff --git a/winlogbeat/tests/system/test_eventlogging.py b/winlogbeat/tests/system/test_eventlogging.py index c95abc78705..adfbef28078 100644 --- a/winlogbeat/tests/system/test_eventlogging.py +++ b/winlogbeat/tests/system/test_eventlogging.py 
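Review bot: `commonConfigKeys` in winlogbeat/eventlog/factory.go has no comment explaining its role, and this fix suggests the list had fallen behind the options an event log entry actually accepts. A comment above the declaration would make the next addition harder to miss, for example `// commonConfigKeys lists the options shared by every event log API; a shared option missing here is rejected by config validation.` That wording is inferred from the changelog entry in this commit, because the code that consumes the list is outside the hunk and should be checked before the comment is adopted.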
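Review bot: `{{ k }}: {{ v }}` in the new `log.extras` loop of winlogbeat.yml.j2 writes the Python repr of each value into the rendered YAML, which parses as intended only when that repr happens to be valid YAML flow syntax. The list of dicts used by the new tests renders fine, but a `None`, a unicode string on Python 2 or a string containing a quote would load as something different or fail to load. Serializing the value explicitly keeps the rendered config well-formed, for example `{{ k }}: {{ v | tojson }}` if the Jinja2 version used by the test harness provides that filter. The enclosing `for` loop over the event logs starts outside the hunk.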
@@ -205,3 +205,30 @@ def test_registry_data(self):
 self.assertIn(self.providerName, event_logs)
 record_number = event_logs[self.providerName]["record_number"]
 self.assertGreater(record_number, 0)
+
+ def test_processors(self):
+ """
+ eventlogging - Processors are applied
+ """
+ self.write_event_log("Hello world!")
+
+ config = {
+ "event_logs": [
+ {
+ "name": self.providerName,
+ "api": self.api,
+ "extras": {
+ "processors": [
+ {
+ "drop_fields": {
+ "fields": ["message"],
+ }
+ }
+ ],
+ },
+ }
+ ]
+ }
+ evts = self.read_events(config)
+ self.assertTrue(len(evts), 1)
+ self.assertNotIn("message", evts[0])
diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py
index 3d6aa32dd38..757bdbc7e18 100644
--- a/winlogbeat/tests/system/test_wineventlog.py
+++ b/winlogbeat/tests/system/test_wineventlog.py
@@ -349,3 +349,30 @@ def test_registry_data(self):
 self.assertIn(self.providerName, event_logs)
 record_number = event_logs[self.providerName]["record_number"]
 self.assertGreater(record_number, 0)
+
+ def test_processors(self):
+ """
+ wineventlog - Processors are applied
+ """
+ self.write_event_log("Hello world!")
+
+ config = {
+ "event_logs": [
+ {
+ "name": self.providerName,
+ "api": self.api,
+ "extras": {
+ "processors": [
+ {
+ "drop_fields": {
+ "fields": ["message"],
+ }
+ }
+ ],
+ },
+ }
+ ]
+ }
+ evts = self.read_events(config)
+ self.assertTrue(len(evts), 1)
+ self.assertNotIn("message", evts[0])
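Review bot: `self.assertTrue(len(evts), 1)` near the end of the new `test_processors` in test_eventlogging.py does not check the event count, because `assertTrue` takes its second argument as the failure message and so passes for any non-empty list. Replace it with `self.assertEqual(len(evts), 1)` so the test fails when more events are read than the one it wrote. The `test_processors` added to test_wineventlog.py has the same line and needs the same change. Both methods sit wholly inside their hunks, but the enclosing test classes begin outside them.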