[EDOT][windows] add missing samples for windows (#10728)

VihasMakwana · web-flow · commit 03a81c005d38 · 2025-10-27T16:14:46.000+05:30
* add docs and changelog

* remove redundant
diff --git a/changelog/fragments/1761201534-add-mOTLP-and-ES-sample-in-EDOT-for-Windows.yaml b/changelog/fragments/1761201534-add-mOTLP-and-ES-sample-in-EDOT-for-Windows.yaml
@@ -0,0 +1,32 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: feature
+
+# Change summary; a 80ish characters long description of the change.
+summary: Add sample config files for Windows ES and mOTLP ingestion.
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+#description:
+
+# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc.
+component:
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+#pr: https://github.com/owner/repo/1234
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+issue: https://github.com/elastic/elastic-agent/issues/10540
diff --git a/internal/pkg/otel/samples/windows/managed_otlp/logs_metrics_traces.yml b/internal/pkg/otel/samples/windows/managed_otlp/logs_metrics_traces.yml
@@ -0,0 +1,129 @@
+receivers:
+  windowseventlog:
+    channel: application
+
+  # Receiver for CPU, Disk, Memory, and Filesystem metrics
+  hostmetrics/system:
+    collection_interval: 60s
+    scrapers:
+      filesystem:
+      memory:
+        metrics:
+          system.memory.utilization:
+            enabled: true
+      # process scraper is disabled for now: https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/39423
+      #process:
+      #  mute_process_exe_error: true
+      #  mute_process_io_error: true
+      #  mute_process_user_error: true
+      #  metrics:
+      #    process.threads:
+      #      enabled: true
+      #    process.open_file_descriptors:
+      #      enabled: true
+      #    process.memory.utilization:
+      #      enabled: true
+      #    process.disk.operations:
+      #      enabled: true
+      network:
+      processes:
+      load:
+
+  # Receiver for logs, traces, and metrics from SDKs
+  otlp/fromsdk:
+    protocols:
+      grpc:
+      http:
+
+extensions:
+  file_storage:
+    directory: ${env:STORAGE_DIR}
+
+processors:
+  resourcedetection:
+    detectors: ["system"]
+    system:
+      hostname_sources: ["os"]
+      resource_attributes:
+        host.name:
+          enabled: true
+        host.id:
+          enabled: false
+        host.arch:
+          enabled: true
+        host.ip:
+          enabled: true
+        host.mac:
+          enabled: true
+        host.cpu.vendor.id:
+          enabled: true
+        host.cpu.family:
+          enabled: true
+        host.cpu.model.id:
+          enabled: true
+        host.cpu.model.name:
+          enabled: true
+        host.cpu.stepping:
+          enabled: true
+        host.cpu.cache.l2.size:
+          enabled: true
+        os.description:
+          enabled: true
+        os.type:
+          enabled: true
+
+exporters:
+  otlp/ingest_logs:
+    endpoint: ${env:ELASTIC_OTLP_ENDPOINT}
+    headers:
+      Authorization: ApiKey ${env:ELASTIC_API_KEY}
+    sending_queue:
+      enabled: true
+      sizer: bytes
+      queue_size: 50000000 # 50MB uncompressed
+      block_on_overflow: true
+      batch:
+        flush_interval: 1s
+        min_size: 1_000_000 # 1MB uncompressed
+        max_size: 4_000_000 # 4MB uncompressed
+  otlp/ingest_metrics_traces:
+    endpoint: ${env:ELASTIC_OTLP_ENDPOINT}
+    headers:
+      Authorization: ApiKey ${env:ELASTIC_API_KEY}
+    sending_queue:
+      enabled: true
+      sizer: bytes
+      queue_size: 50000000 # 50MB uncompressed
+      block_on_overflow: true
+      batch:
+        flush_interval: 1s
+        min_size: 1_000_000 # 1MB uncompressed
+        max_size: 4_000_000 # 4MB uncompressed
+
+service:
+  extensions: [file_storage]
+  pipelines:
+    traces/fromsdk:
+      receivers: [otlp/fromsdk]
+      processors: []
+      exporters: [otlp/ingest_metrics_traces]
+
+    metrics/fromsdk:
+      receivers: [otlp/fromsdk]
+      processors: []
+      exporters: [otlp/ingest_metrics_traces]
+
+    logs/fromsdk:
+      receivers: [otlp/fromsdk]
+      processors: []
+      exporters: [otlp/ingest_logs]
+
+    metrics/hostmetrics:
+      receivers: [hostmetrics/system]
+      processors: [resourcedetection]
+      exporters: [otlp/ingest_metrics_traces]
+
+    logs/platformlogs:
+      receivers: [windowseventlog]
+      processors: [resourcedetection]
+      exporters: [otlp/ingest_logs]
diff --git a/internal/pkg/otel/samples/windows/managed_otlp/platformlogs.yml b/internal/pkg/otel/samples/windows/managed_otlp/platformlogs.yml
@@ -0,0 +1,65 @@
+receivers:
+  windowseventlog:
+    channel: application
+
+processors:
+  resourcedetection:
+    detectors: ["system"]
+    system:
+      hostname_sources: ["os"]
+      resource_attributes:
+        host.name:
+          enabled: true
+        host.id:
+          enabled: false
+        host.arch:
+          enabled: true
+        host.ip:
+          enabled: true
+        host.mac:
+          enabled: true
+        host.cpu.vendor.id:
+          enabled: true
+        host.cpu.family:
+          enabled: true
+        host.cpu.model.id:
+          enabled: true
+        host.cpu.model.name:
+          enabled: true
+        host.cpu.stepping:
+          enabled: true
+        host.cpu.cache.l2.size:
+          enabled: true
+        os.description:
+          enabled: true
+        os.type:
+          enabled: true
+
+exporters:
+  # Exporter to print the first 5 logs/metrics and then every 1000th
+  debug:
+    verbosity: detailed
+    sampling_initial: 5
+    sampling_thereafter: 1000
+
+# Exporter to send logs and metrics to Elasticsearch Managed OTLP Input
+  otlp/ingest:
+    endpoint: ${env:ELASTIC_OTLP_ENDPOINT}
+    headers:
+      Authorization: ApiKey ${env:ELASTIC_API_KEY}
+    sending_queue:
+      enabled: true
+      sizer: bytes
+      queue_size: 50000000 # 50MB uncompressed
+      block_on_overflow: true
+      batch:
+        flush_interval: 1s
+        min_size: 1_000_000 # 1MB uncompressed
+        max_size: 4_000_000 # 4MB uncompressed
+
+service:
+  pipelines:
+    logs/platformlogs:
+      receivers: [windowseventlog]
+      processors: [resourcedetection]
+      exporters: [debug, otlp/ingest]
diff --git a/internal/pkg/otel/samples/windows/managed_otlp/platformlogs_hostmetrics.yml b/internal/pkg/otel/samples/windows/managed_otlp/platformlogs_hostmetrics.yml
@@ -0,0 +1,90 @@
+receivers:
+  windowseventlog:
+    channel: application
+
+  # Receiver for CPU, Disk, Memory, and Filesystem metrics
+  hostmetrics/system:
+    collection_interval: 60s
+    scrapers:
+      filesystem:
+      memory:
+        metrics:
+          system.memory.utilization:
+            enabled: true
+      # process scraper is disabled for now: https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/39423
+      #process:
+      #  mute_process_exe_error: true
+      #  mute_process_io_error: true
+      #  mute_process_user_error: true
+      #  metrics:
+      #    process.threads:
+      #      enabled: true
+      #    process.open_file_descriptors:
+      #      enabled: true
+      #    process.memory.utilization:
+      #      enabled: true
+      #    process.disk.operations:
+      #      enabled: true
+      network:
+      processes:
+      load:
+
+processors:
+  resourcedetection:
+    detectors: ["system"]
+    system:
+      hostname_sources: ["os"]
+      resource_attributes:
+        host.name:
+          enabled: true
+        host.id:
+          enabled: false
+        host.arch:
+          enabled: true
+        host.ip:
+          enabled: true
+        host.mac:
+          enabled: true
+        host.cpu.vendor.id:
+          enabled: true
+        host.cpu.family:
+          enabled: true
+        host.cpu.model.id:
+          enabled: true
+        host.cpu.model.name:
+          enabled: true
+        host.cpu.stepping:
+          enabled: true
+        host.cpu.cache.l2.size:
+          enabled: true
+        os.description:
+          enabled: true
+        os.type:
+          enabled: true
+
+exporters:
+  # Exporter to send logs and metrics to Elasticsearch Managed OTLP Input
+  otlp/ingest:
+    endpoint: ${env:ELASTIC_OTLP_ENDPOINT}
+    headers:
+      Authorization: ApiKey ${env:ELASTIC_API_KEY}
+    sending_queue:
+      enabled: true
+      sizer: bytes
+      queue_size: 50000000 # 50MB uncompressed
+      block_on_overflow: true
+      batch:
+        flush_interval: 1s
+        min_size: 1_000_000 # 1MB uncompressed
+        max_size: 4_000_000 # 4MB uncompressed
+
+service:
+  pipelines:
+    metrics/hostmetrics:
+      receivers: [hostmetrics/system]
+      processors: [resourcedetection]
+      exporters: [otlp/ingest]
+    logs/platformlogs:
+      receivers: [windowseventlog]
+      processors: [resourcedetection]
+      exporters: [otlp/ingest]
diff --git a/internal/pkg/otel/samples/windows/platformlogs.yml b/internal/pkg/otel/samples/windows/platformlogs.yml
@@ -0,0 +1,57 @@
+receivers:
+  windowseventlog:
+    channel: application
+
+processors:
+  resourcedetection:
+    detectors: ["system"]
+    system:
+      hostname_sources: ["os"]
+      resource_attributes:
+        host.name:
+          enabled: true
+        host.id:
+          enabled: false
+        host.arch:
+          enabled: true
+        host.ip:
+          enabled: true
+        host.mac:
+          enabled: true
+        host.cpu.vendor.id:
+          enabled: true
+        host.cpu.family:
+          enabled: true
+        host.cpu.model.id:
+          enabled: true
+        host.cpu.model.name:
+          enabled: true
+        host.cpu.stepping:
+          enabled: true
+        host.cpu.cache.l2.size:
+          enabled: true
+        os.description:
+          enabled: true
+        os.type:
+          enabled: true
+
+exporters:
+  # Exporter to print the first 5 logs/metrics and then every 1000th
+  debug:
+    verbosity: detailed
+    sampling_initial: 5
+    sampling_thereafter: 1000
+
+  # Exporter to send logs and metrics to Elasticsearch
+  elasticsearch/otel:
+    endpoints: ["${env:ELASTIC_ENDPOINT}"]
+    api_key: ${env:ELASTIC_API_KEY}
+    mapping:
+      mode: otel
+
+service:
+  pipelines:
+    logs/platformlogs:
+      receivers: [windowseventlog]
+      processors: [resourcedetection]
+      exporters: [debug, elasticsearch/otel]
diff --git a/internal/pkg/otel/samples/windows/platformlogs_hostmetrics.yml b/internal/pkg/otel/samples/windows/platformlogs_hostmetrics.yml
