From 3c7365e8009577ef251288739eab16bd2ba66051 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 15 Dec 2021 16:43:41 +0100 Subject: [PATCH 1/3] Expose event_id, and language options to all winlog inputs --- packages/microsoft_sqlserver/changelog.yml | 5 +++++ .../audit/agent/stream/winlog.yml.hbs | 3 +++ .../data_stream/audit/manifest.yml | 8 ++++++++ packages/microsoft_sqlserver/manifest.yml | 2 +- packages/system/changelog.yml | 5 +++++ .../application/agent/stream/winlog.yml.hbs | 3 +++ .../system/data_stream/application/manifest.yml | 8 ++++++++ .../security/agent/stream/winlog.yml.hbs | 3 +++ .../system/data_stream/security/manifest.yml | 8 ++++++++ .../system/agent/stream/winlog.yml.hbs | 3 +++ packages/system/data_stream/system/manifest.yml | 8 ++++++++ packages/system/manifest.yml | 4 ++-- packages/windows/changelog.yml | 5 +++++ .../forwarded/agent/stream/winlog.yml.hbs | 6 ++++++ .../windows/data_stream/forwarded/manifest.yml | 15 +++++++++++++++ .../powershell/agent/stream/winlog.yml.hbs | 7 ++++++- .../windows/data_stream/powershell/manifest.yml | 16 ++++++++++++++++ .../agent/stream/winlog.yml.hbs | 7 ++++++- .../powershell_operational/manifest.yml | 16 ++++++++++++++++ .../agent/stream/winlog.yml.hbs | 6 ++++++ .../data_stream/sysmon_operational/manifest.yml | 15 +++++++++++++++ packages/windows/manifest.yml | 4 ++-- packages/winlog/changelog.yml | 5 +++++ .../stream/{stream.yml.hbs => winlog.yml.hbs} | 6 ++++++ packages/winlog/data_stream/winlog/manifest.yml | 16 ++++++++++++++++ packages/winlog/manifest.yml | 2 +- 26 files changed, 178 insertions(+), 8 deletions(-) rename packages/winlog/data_stream/winlog/agent/stream/{stream.yml.hbs => winlog.yml.hbs} (62%) diff --git a/packages/microsoft_sqlserver/changelog.yml b/packages/microsoft_sqlserver/changelog.yml index 117fd119208..0fda0d3714c 100644 --- a/packages/microsoft_sqlserver/changelog.yml +++ b/packages/microsoft_sqlserver/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Expose winlog input language option. + type: enhancement + link: https://github.com/elastic/integrations/pull/ - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/microsoft_sqlserver/data_stream/audit/agent/stream/winlog.yml.hbs b/packages/microsoft_sqlserver/data_stream/audit/agent/stream/winlog.yml.hbs index 134b2ccf91d..c495f232125 100644 --- a/packages/microsoft_sqlserver/data_stream/audit/agent/stream/winlog.yml.hbs +++ b/packages/microsoft_sqlserver/data_stream/audit/agent/stream/winlog.yml.hbs @@ -1,6 +1,9 @@ name: {{channel}} condition: ${host.platform} == 'windows' event_id: {{event_id}} +{{#if language}} +language: {{language}} +{{/if}} {{#if tags.length}} tags: {{else if preserve_original_event}} diff --git a/packages/microsoft_sqlserver/data_stream/audit/manifest.yml b/packages/microsoft_sqlserver/data_stream/audit/manifest.yml index 28c0f1f4006..e0bbb1624e1 100644 --- a/packages/microsoft_sqlserver/data_stream/audit/manifest.yml +++ b/packages/microsoft_sqlserver/data_stream/audit/manifest.yml @@ -23,6 +23,14 @@ streams: required: true default: Security show_user: true + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - name: preserve_original_event required: true show_user: true diff --git a/packages/microsoft_sqlserver/manifest.yml b/packages/microsoft_sqlserver/manifest.yml index 21d7ff88768..9484bb02b65 100644 --- a/packages/microsoft_sqlserver/manifest.yml 
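Review bot: The `language` description added to `packages/microsoft_sqlserver/data_stream/audit/manifest.yml` writes its link in AsciiDoc form (`https://…[here]`), and patch 3/3 converts it to Markdown only in `packages/winlog/data_stream/winlog/manifest.yml`. The identical text remains in the system `application`, `security` and `system` manifests and in the windows `forwarded`, `powershell`, `powershell_operational` and `sysmon_operational` manifests. Each of those should take the same form, `[here](<same URL>)`, with the example written as `0x0409` for `en-US`. Separately, the var is `type: text` and nothing visible in the hunk restricts it to a numeric language ID, while the template emits it unquoted as `language: {{language}}`, so the description is the only guidance on what reaches the rendered input config. The `vars` list continues outside the hunk.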
+++ b/packages/microsoft_sqlserver/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_sqlserver title: "Microsoft SQL Server" -version: 0.1.0 +version: 0.2.0 license: basic description: Collect audit events from Microsoft SQL Server with Elastic Agent. type: integration diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index 4a89813af0d..fbc4bca2a6e 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Expose winlog input language option. + type: enhancement + link: https://github.com/elastic/integrations/pull/ - version: "1.6.6" changes: - description: Regenerate test files using the new GeoIP database diff --git a/packages/system/data_stream/application/agent/stream/winlog.yml.hbs b/packages/system/data_stream/application/agent/stream/winlog.yml.hbs index 3be121a7e2b..80695ab6792 100644 --- a/packages/system/data_stream/application/agent/stream/winlog.yml.hbs +++ b/packages/system/data_stream/application/agent/stream/winlog.yml.hbs @@ -4,6 +4,9 @@ ignore_older: 72h {{#if event_id}} event_id: {{event_id}} {{/if}} +{{#if language}} +language: {{language}} +{{/if}} {{#if processors}} processors: {{processors}} diff --git a/packages/system/data_stream/application/manifest.yml b/packages/system/data_stream/application/manifest.yml index 3c4bf8c6bb9..35e432df6eb 100644 --- a/packages/system/data_stream/application/manifest.yml +++ b/packages/system/data_stream/application/manifest.yml 
@@ -28,6 +28,14 @@ streams: title: Tags multi: true show_user: false + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - input: httpjson title: Windows Application Events via Splunk Enterprise REST API description: Collect Application Events via Splunk Enterprise REST API diff --git a/packages/system/data_stream/security/agent/stream/winlog.yml.hbs b/packages/system/data_stream/security/agent/stream/winlog.yml.hbs index 031e9eb1822..49434256ef0 100644 --- a/packages/system/data_stream/security/agent/stream/winlog.yml.hbs +++ b/packages/system/data_stream/security/agent/stream/winlog.yml.hbs @@ -3,6 +3,9 @@ condition: ${host.platform} == 'windows' {{#if event_id}} event_id: {{event_id}} {{/if}} +{{#if language}} +language: {{language}} +{{/if}} {{#if processors}} processors: {{processors}} diff --git a/packages/system/data_stream/security/manifest.yml b/packages/system/data_stream/security/manifest.yml index 0413866626e..0fcb4463248 100644 --- a/packages/system/data_stream/security/manifest.yml +++ b/packages/system/data_stream/security/manifest.yml 
@@ -28,6 +28,14 @@ streams: title: Tags multi: true show_user: false + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - input: httpjson title: Windows Security Events via Splunk Enterprise REST API description: Collect Security Events via Splunk Enterprise REST API diff --git a/packages/system/data_stream/system/agent/stream/winlog.yml.hbs b/packages/system/data_stream/system/agent/stream/winlog.yml.hbs index 0a4a5141e2c..b5db7808dc3 100644 --- a/packages/system/data_stream/system/agent/stream/winlog.yml.hbs +++ b/packages/system/data_stream/system/agent/stream/winlog.yml.hbs @@ -3,6 +3,9 @@ condition: ${host.platform} == 'windows' {{#if event_id}} event_id: {{event_id}} {{/if}} +{{#if language}} +language: {{language}} +{{/if}} {{#if processors}} processors: {{processors}} diff --git a/packages/system/data_stream/system/manifest.yml b/packages/system/data_stream/system/manifest.yml index bf439b01123..14e4948477b 100644 --- a/packages/system/data_stream/system/manifest.yml +++ b/packages/system/data_stream/system/manifest.yml 
@@ -28,6 +28,14 @@ streams: title: Tags multi: true show_user: false + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - input: httpjson title: Windows System Events via Splunk Enterprise REST API description: Collect System Events via Splunk Enterprise REST API diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index 1a6cc171d49..21f52767978 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: system title: System -version: 1.6.6 +version: 1.7.0 license: basic description: Collect system logs and metrics from your servers with Elastic Agent. type: integration @@ -10,7 +10,7 @@ categories: - security release: ga conditions: - kibana.version: '^7.14.0 || ^8.0.0' + kibana.version: '^7.16.0 || ^8.0.0' screenshots: - src: /img/kibana-system.png title: kibana system diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml index 60cd1ce321d..f23b6af34eb 100644 --- a/packages/windows/changelog.yml +++ b/packages/windows/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Expose winlog input language option. + type: enhancement + link: https://github.com/elastic/integrations/pull/ - version: "1.5.1" changes: - description: Change test public IPs to the supported subset diff --git a/packages/windows/data_stream/forwarded/agent/stream/winlog.yml.hbs b/packages/windows/data_stream/forwarded/agent/stream/winlog.yml.hbs index de5f2d92116..ee8b1ce5ed4 100644 
--- a/packages/windows/data_stream/forwarded/agent/stream/winlog.yml.hbs +++ b/packages/windows/data_stream/forwarded/agent/stream/winlog.yml.hbs @@ -1,5 +1,11 @@ name: ForwardedEvents condition: ${host.platform} == 'windows' +{{#if event_id}} +event_id: {{event_id}} +{{/if}} +{{#if language}} +language: {{language}} +{{/if}} {{#if tags.length}} tags: {{else if preserve_original_event}} diff --git a/packages/windows/data_stream/forwarded/manifest.yml b/packages/windows/data_stream/forwarded/manifest.yml index d6fdb4ffd91..6ae30fde364 100644 --- a/packages/windows/data_stream/forwarded/manifest.yml +++ b/packages/windows/data_stream/forwarded/manifest.yml @@ -14,6 +14,21 @@ streams: title: Forwarded description: 'Collect ForwardedEvents channel logs' vars: + - name: event_id + type: text + title: Event ID + description: >- + A list of included and excluded (blocked) event IDs. The value is a comma-separated list. The accepted values are single event IDs to include (e.g. 4624), a range of event IDs to include (e.g. 4700-4800), and single event IDs to exclude (e.g. -4735). Limit 22 IDs. + required: true + show_user: false + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - name: tags type: text title: Tags diff --git a/packages/windows/data_stream/powershell/agent/stream/winlog.yml.hbs b/packages/windows/data_stream/powershell/agent/stream/winlog.yml.hbs index 01ab93bfdc3..48eb09600fb 100644 --- a/packages/windows/data_stream/powershell/agent/stream/winlog.yml.hbs +++ b/packages/windows/data_stream/powershell/agent/stream/winlog.yml.hbs 
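Review bot: `event_id` is declared `required: true` with no `default` and `show_user: false` in `packages/windows/data_stream/forwarded/manifest.yml`, but the template added in the same commit wraps the setting in `{{#if event_id}}`, which treats an empty value as valid. As declared, a ForwardedEvents policy needs a filter typed into a field that is hidden by default, and a filter made of included IDs leaves every other event in the channel uncollected. For a channel that usually carries security telemetry, that is an easy way to lose coverage without noticing. Unless a mandatory filter is intended, `required: false` matches the template. The same declaration appears in the `sysmon_operational` and `winlog` manifests, and the `vars` list continues outside the hunk.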
@@ -1,6 +1,11 @@ name: Windows PowerShell condition: ${host.platform} == 'windows' -event_id: 400, 403, 600, 800 +{{#if event_id}} +event_id: {{event_id}} +{{/if}} +{{#if language}} +language: {{language}} +{{/if}} {{#if tags.length}} tags: {{else if preserve_original_event}} diff --git a/packages/windows/data_stream/powershell/manifest.yml b/packages/windows/data_stream/powershell/manifest.yml index 31aab73e0c1..32d9f792c36 100644 --- a/packages/windows/data_stream/powershell/manifest.yml +++ b/packages/windows/data_stream/powershell/manifest.yml @@ -14,6 +14,22 @@ streams: title: Powershell description: 'Windows Powershell channel' vars: + - name: event_id + type: text + title: Event ID + description: >- + A list of included and excluded (blocked) event IDs. The value is a comma-separated list. The accepted values are single event IDs to include (e.g. 4624), a range of event IDs to include (e.g. 4700-4800), and single event IDs to exclude (e.g. -4735). Limit 22 IDs. + required: true + show_user: false + default: 400, 403, 600, 800 + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - name: tags type: text title: Tags diff --git a/packages/windows/data_stream/powershell_operational/agent/stream/winlog.yml.hbs b/packages/windows/data_stream/powershell_operational/agent/stream/winlog.yml.hbs index b8079b19a16..b09aa847ca5 100644 --- a/packages/windows/data_stream/powershell_operational/agent/stream/winlog.yml.hbs +++ b/packages/windows/data_stream/powershell_operational/agent/stream/winlog.yml.hbs 
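Review bot: The `event_id` description in `packages/windows/data_stream/powershell/manifest.yml` is the generic text, with examples from another channel (4624, 4700-4800, -4735), and it does not say that the default `400, 403, 600, 800` is the filter the template hard-coded until this commit. Since the list is now editable, I would append a sentence such as `Defaults to the event IDs this data stream collected before the option was exposed; removing an ID stops collection of that event.` The same applies to `powershell_operational`, where the default `4103, 4104, 4105, 4106` replaces the hard-coded line. Whether policies created before the upgrade receive the new default is not visible here; if they do not, the `{{#if event_id}}` guard renders no filter for them and the stream would collect every event in the channel.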
@@ -1,6 +1,11 @@ name: Microsoft-Windows-PowerShell/Operational condition: ${host.platform} == 'windows' -event_id: 4103, 4104, 4105, 4106 +{{#if event_id}} +event_id: {{event_id}} +{{/if}} +{{#if language}} +language: {{language}} +{{/if}} {{#if tags.length}} tags: {{else if preserve_original_event}} diff --git a/packages/windows/data_stream/powershell_operational/manifest.yml b/packages/windows/data_stream/powershell_operational/manifest.yml index 8eca400caa8..249ed34242a 100644 --- a/packages/windows/data_stream/powershell_operational/manifest.yml +++ b/packages/windows/data_stream/powershell_operational/manifest.yml @@ -14,6 +14,22 @@ streams: title: Powershell Operational description: 'Microsoft-Windows-Powershell/Operational channel' vars: + - name: event_id + type: text + title: Event ID + description: >- + A list of included and excluded (blocked) event IDs. The value is a comma-separated list. The accepted values are single event IDs to include (e.g. 4624), a range of event IDs to include (e.g. 4700-4800), and single event IDs to exclude (e.g. -4735). Limit 22 IDs. + required: true + show_user: false + default: 4103, 4104, 4105, 4106 + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - name: tags type: text title: Tags diff --git a/packages/windows/data_stream/sysmon_operational/agent/stream/winlog.yml.hbs b/packages/windows/data_stream/sysmon_operational/agent/stream/winlog.yml.hbs index f164021fa57..a4b06e1f178 100644 --- a/packages/windows/data_stream/sysmon_operational/agent/stream/winlog.yml.hbs 
+++ b/packages/windows/data_stream/sysmon_operational/agent/stream/winlog.yml.hbs @@ -1,5 +1,11 @@ name: Microsoft-Windows-Sysmon/Operational condition: ${host.platform} == 'windows' +{{#if event_id}} +event_id: {{event_id}} +{{/if}} +{{#if language}} +language: {{language}} +{{/if}} {{#if tags.length}} tags: {{else if preserve_original_event}} diff --git a/packages/windows/data_stream/sysmon_operational/manifest.yml b/packages/windows/data_stream/sysmon_operational/manifest.yml index 396d2c319cf..4c70cff0ec5 100644 --- a/packages/windows/data_stream/sysmon_operational/manifest.yml +++ b/packages/windows/data_stream/sysmon_operational/manifest.yml @@ -6,6 +6,21 @@ streams: title: Sysmon Operational description: 'Collect Microsoft-Windows-Sysmon/Operational channel logs' vars: + - name: event_id + type: text + title: Event ID + description: >- + A list of included and excluded (blocked) event IDs. The value is a comma-separated list. The accepted values are single event IDs to include (e.g. 4624), a range of event IDs to include (e.g. 4700-4800), and single event IDs to exclude (e.g. -4735). Limit 22 IDs. + required: true + show_user: false + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - name: tags type: text title: Tags diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml index 4454c18715d..c6ac19b98d0 100644 --- a/packages/windows/manifest.yml +++ b/packages/windows/manifest.yml 
@@ -1,6 +1,6 @@ name: windows title: Windows -version: 1.5.1 +version: 1.6.0 description: Collect logs and metrics from Windows OS and services with Elastic Agent. type: integration categories: @@ -15,7 +15,7 @@ format_version: 1.0.0 license: basic release: ga conditions: - kibana.version: "^7.14.0 || ^8.0.0" + kibana.version: "^7.16.0 || ^8.0.0" screenshots: - src: /img/metricbeat-windows-service.png title: metricbeat windows service diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index bb2d199cf17..41102ea2c7a 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Expose winlog input language option. + type: enhancement + link: https://github.com/elastic/integrations/pull/ - version: "1.2.0" changes: - description: Add 8.0.0 version constraint diff --git a/packages/winlog/data_stream/winlog/agent/stream/stream.yml.hbs b/packages/winlog/data_stream/winlog/agent/stream/winlog.yml.hbs similarity index 62% rename from packages/winlog/data_stream/winlog/agent/stream/stream.yml.hbs rename to packages/winlog/data_stream/winlog/agent/stream/winlog.yml.hbs index 57fff7294b5..c0a23d6ae49 100644 --- a/packages/winlog/data_stream/winlog/agent/stream/stream.yml.hbs +++ b/packages/winlog/data_stream/winlog/agent/stream/winlog.yml.hbs @@ -2,6 +2,12 @@ condition: ${host.platform} == 'windows' data_stream: dataset: {{data_stream.dataset}} name: {{channel}} +{{#if event_id}} +event_id: {{event_id}} +{{/if}} +{{#if language}} +language: {{language}} +{{/if}} tags: {{#each tags}} - {{this}} diff --git a/packages/winlog/data_stream/winlog/manifest.yml b/packages/winlog/data_stream/winlog/manifest.yml index 8256e7abf2f..46ff628f860 100644 --- a/packages/winlog/data_stream/winlog/manifest.yml +++ b/packages/winlog/data_stream/winlog/manifest.yml 
@@ -4,6 +4,7 @@ streams: - input: winlog description: Collect Windows event logs from a custom channel title: Windows Event Logs + template_path: winlog.yml.hbs vars: - name: channel type: text @@ -40,6 +41,21 @@ streams: # - drop_event.when.not.or: # - equals.winlog.event_id: '903' # - equals.winlog.event_id: '1024' + - name: event_id + type: text + title: Event ID + description: >- + A list of included and excluded (blocked) event IDs. The value is a comma-separated list. The accepted values are single event IDs to include (e.g. 4624), a range of event IDs to include (e.g. 4700-4800), and single event IDs to exclude (e.g. -4735). Limit 22 IDs. + required: true + show_user: false + - name: language + type: text + title: Language ID + description: >- + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + required: false + show_user: false + default: 0 - input: httpjson title: Windows ForwardedEvents via Splunk Enterprise REST API description: Collect ForwardedEvents via Splunk Enterprise REST API diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml index a6bdc121c47..395a83ebbac 100644 --- a/packages/winlog/manifest.yml +++ b/packages/winlog/manifest.yml @@ -3,7 +3,7 @@ name: winlog title: Custom Windows Event Logs description: Collect and parse logs from any Windows event log channel with Elastic Agent. type: integration -version: 1.2.0 +version: 1.3.0 release: ga conditions: kibana.version: '^7.16.0 || ^8.0.0' From 9f6b754d8817309c25d0c1a9cd515c083824231d Mon Sep 17 00:00:00 2001 
From: Marc Guasch Date: Wed, 15 Dec 2021 16:47:40 +0100 Subject: [PATCH 2/3] Add PR to the changelogs --- packages/microsoft_sqlserver/changelog.yml | 2 +- packages/system/changelog.yml | 2 +- packages/windows/changelog.yml | 2 +- packages/winlog/changelog.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/microsoft_sqlserver/changelog.yml b/packages/microsoft_sqlserver/changelog.yml index 0fda0d3714c..3d674396cc9 100644 --- a/packages/microsoft_sqlserver/changelog.yml +++ b/packages/microsoft_sqlserver/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Expose winlog input language option. type: enhancement - link: https://github.com/elastic/integrations/pull/ + link: https://github.com/elastic/integrations/pull/2344 - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index fbc4bca2a6e..ec934cea504 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Expose winlog input language option. type: enhancement - link: https://github.com/elastic/integrations/pull/ + link: https://github.com/elastic/integrations/pull/2344 - version: "1.6.6" changes: - description: Regenerate test files using the new GeoIP database diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml index f23b6af34eb..3445847cc5d 100644 --- a/packages/windows/changelog.yml +++ b/packages/windows/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Expose winlog input language option. type: enhancement - link: https://github.com/elastic/integrations/pull/ + link: https://github.com/elastic/integrations/pull/2344 - version: "1.5.1" changes: - description: Change test public IPs to the supported subset diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index 41102ea2c7a..91f0cb65f92 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml 
@@ -3,7 +3,7 @@ changes: - description: Expose winlog input language option. type: enhancement - link: https://github.com/elastic/integrations/pull/ + link: https://github.com/elastic/integrations/pull/2344 - version: "1.2.0" changes: - description: Add 8.0.0 version constraint From 7fada81005a1564bfbbaa7b638ce3452252e63ca Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 15 Dec 2021 16:59:24 +0100 Subject: [PATCH 3/3] Fix language description link --- packages/winlog/data_stream/winlog/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/winlog/data_stream/winlog/manifest.yml b/packages/winlog/data_stream/winlog/manifest.yml index 46ff628f860..a2f53e03a2f 100644 --- a/packages/winlog/data_stream/winlog/manifest.yml +++ b/packages/winlog/data_stream/winlog/manifest.yml @@ -52,7 +52,7 @@ streams: type: text title: Language ID description: >- - The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US + The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found [here](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c). It defaults to `0`, which indicates to use the system language. E.g.: `0x0409` for `en-US` required: false show_user: false default: 0