diff --git a/packages/winlog/agent/input/winlog.yml.hbs b/packages/winlog/agent/input/winlog.yml.hbs
index d513725eb47..c542a8355c3 100644
--- a/packages/winlog/agent/input/winlog.yml.hbs
+++ b/packages/winlog/agent/input/winlog.yml.hbs
@@ -2,9 +2,6 @@ condition: ${host.platform} == 'windows'
 data_stream:
 dataset: {{data_stream.dataset}}
 name: {{channel}}
-{{#if preserve_original_event}}
-include_xml: true
-{{/if}}
 {{#if providers}}
 provider:
 {{#each providers as |p|}}
@@ -22,9 +19,20 @@ language: {{language}}
 {{/if}}
 {{#if tags.length}}
 tags:
-{{#each tags as |tag i|}}
+{{#each tags as |tag|}}
 - {{tag}}
 {{/each}}
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{else}}
+{{#if preserve_original_event}}
+tags:
+ - preserve_original_event
+{{/if}}
+{{/if}}
+{{#if preserve_original_event}}
+include_xml: true
 {{/if}}
 {{#if pipeline}}
 pipeline: {{pipeline}}
diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml
index f22a9629d67..766059fcb08 100644
--- a/packages/winlog/changelog.yml
+++ b/packages/winlog/changelog.yml
@@ -1,10 +1,15 @@
 # newer versions go on top
+- version: "2.1.2"
+ changes:
+ - description: Add missing preserve_original_event tag when toggled on for Winlog
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/99999
 - version: "2.1.1"
 changes:
 - description: Changed owners
 type: enhancement
 link: https://github.com/elastic/integrations/pull/8943
-- version: 2.1.0
+- version: "2.1.0"
 changes:
 - description: ECS version updated to 8.11.0.
 type: enhancement
diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml
index 3a5276dd35a..64eb5c2aefc 100644
--- a/packages/winlog/manifest.yml
+++ b/packages/winlog/manifest.yml
@@ -3,7 +3,7 @@ name: winlog
 title: Custom Windows Event Logs
 description: Collect and parse logs from any Windows event log channel with Elastic Agent.
 type: input
-version: "2.1.1"
+version: "2.1.2"
 conditions:
 kibana:
 version: '^8.10.1'
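Review bot: In the second hunk of `winlog.yml.hbs`, the `{{#if tags.length}}` branch appends `- preserve_original_event` unconditionally after the `{{#each}}` loop, so a policy whose `tags` already lists that value (a plausible workaround before this fix) renders the tag twice. Nothing visible in the template can deduplicate it, so I would at least document the behaviour above the block, e.g. `# preserve_original_event is appended automatically when the toggle is on; do not also list it in tags`. Because the same toggle also emits `include_xml: true`, a second one-line comment stating that the tag and the raw event XML are enabled together would help anyone later auditing what is retained in `event.original`. That the ingest pipeline keys on this tag is my assumption, since the pipeline is not part of this diff.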