[confgenerator] Fix Message, EventCategory and EventType in windows_event_log_v1.

[franciscovalentecastro]

Description

Details :

• Parses the original XML record to preserve non-rendered and non-parsed fields.
• Uses ContainValues to check for EventType cases in the old Windows Event Log API.

Notes :

• To be able to do a similar thing upstream ¹ we would need to create a feature (e.g. "non_parsed_non_rendered") that does the following :
  • Preserve Non-Rendered fields without suppressing the RenderingInfo syscall (suppress_rendering_info: true does this, but drops Message since its part of RenderingInfo)
  • Preserves Non-Parsed Message security message.
• This thread [receiver/windowseventlog] Decouple rendering logic from 'raw' open-telemetry/opentelemetry-collector-contrib#34131 shows that it may not necessarily be simple to do it without going against some of the current design decisions.
• See the table in : [receiver/windowseventlog] Decouple rendering logic from 'raw' open-telemetry/opentelemetry-collector-contrib#34131 (comment)
• See comment : [receiver/windowseventlog] Decouple rendering logic from 'raw' open-telemetry/opentelemetry-collector-contrib#34131 (comment)
• Related upstream change : [receiver/windowseventlog] Add suppress_rendering_info parameter and simplify internal logic. open-telemetry/opentelemetry-collector-contrib#34720

Related issue

How has this been tested?

Checklist:

• Unit tests
  • Unit tests do not apply.
  • Unit tests have been added/modified and passed for this PR.
• Integration tests
  • Integration tests do not apply.
  • Integration tests have been added/modified and passed for this PR.
• Documentation
  • This PR introduces no user visible changes.
  • This PR introduces user visible changes and the corresponding documentation change has been made.
• Minor version bump
  • This PR introduces no new features.
  • This PR introduces new features, and there is a separate PR to bump the minor version since the last release already.
  • This PR bumps the version.

Footnotes

1. https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/v0.145.0/receiver/windowseventlogreceiver ↩

[quentinmit]

I think you can just set jsonPayload directly:

"jsonPayload": {StaticValue: &defaultMessage},

instead of having to enumerate all the individual fields.

[franciscovalentecastro]

This doesn't work at the moment, probably we would have to update the Lua Accessor implementation :

go test ./transformation_test -update
--- FAIL: TestTransformationTests (3.01s)
    --- FAIL: TestTransformationTests/logging_processor-windows_event_log_raw_xml (2.99s)
        --- FAIL: TestTransformationTests/logging_processor-windows_event_log_raw_xml/fluent-bit (0.00s)
panic: failed to convert jsonPayload to Lua accessor: field "jsonPayload" not found [recovered]
        panic: failed to convert jsonPayload to Lua accessor: field "jsonPayload" not found

goroutine 187 [running]:
testing.tRunner.func1.2({0x3051680, 0xc001d16f80})
        /usr/local/google/home/fcovalente/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.4.linux-amd64/src/testing/testing.go:1734 +0x21c
testing.tRunner.func1()
        /usr/local/google/home/fcovalente/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.4.linux-amd64/src/testing/testing.go:1737 +0x35e
panic({0x3051680?, 0xc001d16f80?})
        /usr/local/google/home/fcovalente/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.4.linux-amd64/src/runtime/panic.go:792 +0x132
github.com/GoogleCloudPlatform/ops-agent/confgenerator.LoggingProcessorModifyFields.Components(...)
        /usr/local/google/h