[Winlogbeat] remove eventlogger (#24463) (#24500)

* Rename file * Remove deprecated eventlogging api and unused code * Update CHANGELOG.next.asciidoc Co-authored-by: Andrew Kroh <[email protected]> Co-authored-by: Andrew Kroh <[email protected]> (cherry picked from commit 9552c3a)
elastic · Mar 15, 2021 · 71df987 · 71df987
1 parent 8050589
commit 71df987
Show file tree

Hide file tree

Showing 18 changed files with 36 additions and 2,051 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -699,6 +699,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046]
 - Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684]
 - Add new ECS 1.8 improvements. {pull}23563[23563]
+- Remove deprecated eventlogging api that was used for Windows XP/2003 and associated unused code. {pull}24463[24463]
 
 *Elastic Log Driver*
 

diff --git a/winlogbeat/_meta/fields.common.yml b/winlogbeat/_meta/fields.common.yml
@@ -27,14 +27,8 @@
           required: true
           description: >
             The event log API type used to read the record. The possible values are
-            "wineventlog" for the Windows Event Log API or "eventlogging" for the
-            Event Logging API.
-
-            The Event Logging API was designed for Windows Server 2003
-            or Windows 2000 operating systems. In Windows Vista, the event logging
-            infrastructure was redesigned. On Windows Vista or later operating
-            systems, the Windows Event Log API is used. Winlogbeat automatically
-            detects which API to use for reading event logs.
+            "wineventlog" for the Windows Event Log API or "wineventlog-experimental" for its
+            experimental implementation.
 
         - name: activity_id
           type: keyword

diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc
@@ -9847,8 +9847,7 @@ All fields specific to the Windows Event Log are defined here.
 *`winlog.api`*::
 +
 --
-The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API.
-The Event Logging API was designed for Windows Server 2003 or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs.
+The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "wineventlog-experimental" for its experimental implementation.
 
 
 required: True

diff --git a/winlogbeat/eventlog/bench_test.go b/winlogbeat/eventlog/bench_test.go
@@ -25,7 +25,6 @@ import (
 	"fmt"
 	"math/rand"
 	"strconv"
-	"strings"
 	"testing"
 
 	"golang.org/x/sys/windows/svc/eventlog"
@@ -70,21 +69,14 @@ func TestBenchmarkRead(t *testing.T) {
 			}
 		})
 	}
-
-	t.Run("api="+eventLoggingAPIName, func(t *testing.T) {
-		result := testing.Benchmark(benchmarkEventLog(eventLoggingAPIName, -1))
-		outputBenchmarkResults(t, result)
-	})
 }
 
 func benchmarkEventLog(api string, batchSize int) func(b *testing.B) {
 	return func(b *testing.B) {
 		conf := common.MapStr{
-			"name": providerName,
-		}
-		if strings.HasPrefix(api, "wineventlog") {
-			conf.Put("batch_read_size", batchSize)
-			conf.Put("no_more_events", "stop")
+			"name":            providerName,
+			"batch_read_size": batchSize,
+			"no_more_events":  "stop",
 		}
 
 		log := openLog(b, api, nil, conf)

diff --git a/winlogbeat/eventlog/eventlogging.go b/winlogbeat/eventlog/eventlogging.go