in confgenerator/logging_receivers.go [416:495]
// Components returns the Fluent Bit components for this Windows Event Log
// receiver, in pipeline order: the INPUT, an optional rename filter for
// XML-rendered events, the timestamp PARSER with its parser filters, and
// finally the filters that populate logging.googleapis.com/severity.
//
// When r.IsDefaultVersion() reports true the "winlog" input is used and the
// timestamp is read from TimeGenerated; otherwise "winevtlog" is used and the
// timestamp is read from TimeCreated. An empty ReceiverVersion is treated as
// "1" before that check.
func (r LoggingReceiverWindowsEventLog) Components(ctx context.Context, tag string) []fluentbit.Component {
	// r is a value receiver, so this default only changes the local copy.
	if r.ReceiverVersion == "" {
		r.ReceiverVersion = "1"
	}
	// Evaluated once, after the default above has been applied.
	defaultVersion := r.IsDefaultVersion()

	plugin, timeField := "winevtlog", "TimeCreated"
	if defaultVersion {
		plugin, timeField = "winlog", "TimeGenerated"
	}

	// https://docs.fluentbit.io/manual/pipeline/inputs/windows-event-log
	//
	// NOTE(review): channel names are joined verbatim. A name containing a
	// comma or a line break would change what the generated config says;
	// presumably they are validated before this point — confirm.
	inputCfg := map[string]string{
		"Name":         plugin,
		"Tag":          tag,
		"Channels":     strings.Join(r.Channels, ","),
		"Interval_Sec": "1",
		"DB":           DBPath(tag),
	}
	// TODO(@braydonk): Remove this upon the next Fluent Bit update. See https://github.com/fluent/fluent-bit/issues/8854
	inputCfg["String_Inserts"] = "true"

	// Windows Server 2012/2016 have a known problem with the newer API where
	// most log fields come back blank. Use_ANSI works around it, but it also
	// strips Unicode characters, so records collected on those platforms are
	// lossy for non-ASCII text. It is enabled only where it is needed.
	p := platform.FromContext(ctx)
	if !defaultVersion && (p.Is2012() || p.Is2016()) {
		inputCfg["Use_ANSI"] = "True"
	}

	components := []fluentbit.Component{{Kind: "INPUT", Config: inputCfg}}

	if r.RenderAsXML {
		inputCfg["Render_Event_As_XML"] = "True"
		// fluent-bit stores the rendered XML in a field that is always called
		// "System"; the name is fixed and unrelated to the "System" channel.
		// "raw_xml" describes the content better, so rename it.
		components = append(components, modify.NewRenameOptions("System", "raw_xml").Component(tag))
	}

	// Regex parser that turns the TimeCreated/TimeGenerated value into the
	// log record timestamp. The pattern expects a numeric UTC offset.
	tsParserName := fmt.Sprintf("%s.timestamp_parser", tag)
	tsParser := fluentbit.Component{
		Kind: "PARSER",
		Config: map[string]string{
			"Name":        tsParserName,
			"Format":      "regex",
			"Time_Format": "%Y-%m-%d %H:%M:%S %z",
			"Time_Key":    "timestamp",
			"Regex":       `(?<timestamp>\d+-\d+-\d+ \d+:\d+:\d+ [+-]\d{4})`,
		},
	}
	components = append(components, tsParser)
	components = append(components, fluentbit.ParserFilterComponents(tag, timeField, []string{tsParserName}, true)...)

	var severity []fluentbit.Component
	if defaultVersion {
		// SuccessAudit and FailureAudit both become NOTICE, so severity alone
		// does not distinguish a failed audit event from a successful one.
		// Alerting on audit failures has to key off the event's own fields.
		levels := []struct{ SrcVal, DestVal string }{
			{"Error", "ERROR"},
			{"Information", "INFO"},
			{"Warning", "WARNING"},
			{"SuccessAudit", "NOTICE"},
			{"FailureAudit", "NOTICE"},
		}
		severity = fluentbit.TranslationComponents(tag, "EventType", "logging.googleapis.com/severity", false, levels)
	} else {
		// fluentbit.TranslationComponents is the usual way to populate
		// severity, but it is built on 'modify' filters, which only work on
		// string values. Level is an int here, so a Lua filter is used
		// instead; the mapping itself is in eventLogV2SeverityParserLua,
		// which is defined outside this block.
		severity = fluentbit.LuaFilterComponents(tag, "process", eventLogV2SeverityParserLua)
	}
	return append(components, severity...)
}