diff --git a/CHANGELOG.md b/CHANGELOG.md index 42a3489ddfe1..8fb7d48f7559 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,14 @@ ### Dependencies +## 2.7.4 (2023-02-23) + +#### Promtail + +##### Fixes + +* [7461](https://github.com/grafana/loki/pull/7461) **MarNicGit**: Promtail: Fix collecting userdata field from Windows Event Log + ## 2.7.3 (2023-02-01) #### Loki diff --git a/clients/pkg/promtail/targets/windows/format.go b/clients/pkg/promtail/targets/windows/format.go index a1f139ab5dc2..03c83ef54ce1 100644 --- a/clients/pkg/promtail/targets/windows/format.go +++ b/clients/pkg/promtail/targets/windows/format.go @@ -80,7 +80,7 @@ func formatLine(cfg *scrapeconfig.WindowsEventsTargetConfig, event win_eventlog. structuredEvent.EventData = string(event.EventData.InnerXML) } if !cfg.ExcludeUserData { - structuredEvent.UserData = string(event.EventData.InnerXML) + structuredEvent.UserData = string(event.UserData.InnerXML) } if event.Correlation.ActivityID != "" || event.Correlation.RelatedActivityID != "" { structuredEvent.Correlation = &Correlation{ diff --git a/clients/pkg/promtail/targets/windows/target_test.go b/clients/pkg/promtail/targets/windows/target_test.go index 4c098f3101c7..fffc123af550 100644 --- a/clients/pkg/promtail/targets/windows/target_test.go +++ b/clients/pkg/promtail/targets/windows/target_test.go @@ -156,7 +156,7 @@ func Test_renderEntries(t *testing.T) { Labels: model.LabelSet{"channel": "channel", "computer": "local", "job": "windows-events"}, Entry: logproto.Entry{ Timestamp: time.Unix(0, 1).UTC(), - Line: `{"source":"Application","channel":"channel","computer":"local","event_id":10,"version":10,"level":10,"task":10,"opCode":10,"keywords":"keywords","timeCreated":"1970-01-01T00:00:00.000000001Z","eventRecordID":11,"correlation":{"activityID":"some activity","relatedActivityID":"some related activity"},"execution":{"processId":1,"threadId":5},"security":{"userId":"1"},"user_data":"eventdata","event_data":"eventdata","message":"message"}`, + Line: `{"source":"Application","channel":"channel","computer":"local","event_id":10,"version":10,"level":10,"task":10,"opCode":10,"keywords":"keywords","timeCreated":"1970-01-01T00:00:00.000000001Z","eventRecordID":11,"correlation":{"activityID":"some activity","relatedActivityID":"some related activity"},"execution":{"processId":1,"threadId":5},"security":{"userId":"1"},"user_data":"userdata","event_data":"eventdata","message":"message"}`, }, }, }, entries)