From ee563ac5aec0fc2a86dd03294878e3d5f5b43dbc Mon Sep 17 00:00:00 2001
From: kcreddy
Date: Sat, 29 Jul 2023 22:31:37 +0530
Subject: [PATCH] Add missing query for evtx processing

---
 CHANGELOG.next.asciidoc | 1 +
 winlogbeat/eventlog/wineventlog.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 49595dea612..8b9c87f3b53 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -34,6 +34,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 *Winlogbeat*
 
 - Add "event.category" and "event.type" to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255 {pull}35193[35193]
+- Fix end point deregistration in http_endpoint input. {issue}16826[16826] {pull}1111[1111]
 
 *Functionbeat*
 
diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go
index 4f1cb38b171..e0eeb8025b8 100644
--- a/winlogbeat/eventlog/wineventlog.go
+++ b/winlogbeat/eventlog/wineventlog.go
@@ -332,7 +332,7 @@ func (l *winEventLog) Open(state checkpoint.EventLogState) error {
 func (l *winEventLog) openFile(state checkpoint.EventLogState, bookmark win.EvtHandle) error {
 path := l.channelName
 
- h, err := win.EvtQuery(0, path, "", win.EvtQueryFilePath|win.EvtQueryForwardDirection)
+ h, err := win.EvtQuery(0, path, l.query, win.EvtQueryFilePath|win.EvtQueryForwardDirection)
 if err != nil {
 l.metrics.logError(err)
 return fmt.Errorf("failed to get handle to event log file %v: %w", path, err)
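Review bot: Now that the user-configured `l.query` reaches `win.EvtQuery` on the file-path branch, a malformed or unsupported query surfaces only as the generic "failed to get handle to event log file" error on the last hunk line, with nothing telling the operator that the query rather than the path was rejected; consider `return fmt.Errorf("failed to get handle to event log file %v with query %q: %w", path, l.query, err)` so the two cases can be told apart. The changed line also deserves a why-comment such as `// Pass the configured query so .evtx reads are filtered the same way as channel reads` (presumably how the non-file open path already behaves; confirm). It is worth confirming that `l.query` is an empty string when no filter is configured, since `""` is exactly what this call passed before, and adding a test that opens an .evtx with an event_id filter to pin the new behaviour. Separately, the CHANGELOG line added under *Winlogbeat* describes an http_endpoint fix with unrelated issue/PR numbers rather than this change and should be rewritten to match the commit subject. openFile continues beyond the end of the hunk.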