There are multiple integrations that collect Windows Event logs, most notably system, windows, and winlog. While the winlog integration is designed for pulling logs from any defined channel, the system and windows integrations collect from a specific set of channels and apply some additional pipeline processing to make the data usable for observability and/or security purposes. Collecting the system event logs via the custom winlog integration will not apply the same pipelines, and would make the data less valuable to the user.
Documentation request:
Add a short paragraph to each of the three integrations (system, windows, winlog) to confirm the use case of that integration and a one or two sentence summary of the use case of the other integrations, so the user can decide which are best for their use case.