[Metricbeat] Windows Module add wmi metricset

NOTICE.txt

@@ -20790,6 +20790,37 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
+--------------------------------------------------------------------------------
+Dependency : github.com/microsoft/wmi
+Version: v0.25.1
+Licence type (autodetected): MIT
+--------------------------------------------------------------------------------
+
+Contents of probable licence file $GOMODCACHE/github.com/microsoft/[email protected]/LICENSE:
+
+    MIT License
+
+    Copyright (c) Microsoft Corporation. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE
+
+
 --------------------------------------------------------------------------------
 Dependency : github.com/miekg/dns
 Version: v1.1.61

go.mod

@@ -202,6 +202,7 @@ require (
 	github.com/klauspost/compress v1.17.11
 	github.com/meraki/dashboard-api-go/v3 v3.0.9
 	github.com/microsoft/go-mssqldb v1.7.2
+	github.com/microsoft/wmi v0.25.1
 	github.com/otiai10/copy v1.12.0
 	github.com/pierrec/lz4/v4 v4.1.21
 	github.com/pkg/xattr v0.4.9

go.sum

@@ -687,6 +687,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/microsoft/go-mssqldb v1.7.2 h1:CHkFJiObW7ItKTJfHo1QX7QBBD1iV+mn1eOyRP3b/PA=
 github.com/microsoft/go-mssqldb v1.7.2/go.mod h1:kOvZKUdrhhFQmxLZqbwUV0rHkNkZpthMITIb2Ko1IoA=
+github.com/microsoft/wmi v0.25.1 h1:sQv9hCEHtW5K6yEVL78T6XGRMGxk4aTpcJwCiB5rLN0=
+github.com/microsoft/wmi v0.25.1/go.mod h1:1zbdSF0A+5OwTUII5p3hN7/K6KF2m3o27pSG6Y51VU8=
 github.com/miekg/dns v1.1.22/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
 github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=

metricbeat/docs/fields.asciidoc

@@ -68658,6 +68658,23 @@ format: duration
 
 --
 
+[float]
+=== wmi
+
+wmi
+
+
+
+*`windows.wmi.example`*::
++
+--
+Example field
+
+
+type: keyword
+
+--
+
 [[exported-fields-zookeeper]]
 == ZooKeeper fields
 

metricbeat/docs/modules/windows.asciidoc

@@ -63,8 +63,12 @@ The following metricsets are available:
 
 * <<metricbeat-metricset-windows-service,service>>
 
+* <<metricbeat-metricset-windows-wmi,wmi>>
+
 include::windows/perfmon.asciidoc[]
 
 include::windows/service.asciidoc[]
 
+include::windows/wmi.asciidoc[]
+
 :edit_url!:

metricbeat/docs/modules/windows/wmi.asciidoc

@@ -0,0 +1,28 @@
+////
+This file is generated! See scripts/mage/docs_collector.go
+////
+:edit_url: https://github.com/elastic/beats/edit/main/metricbeat/module/windows/wmi/_meta/docs.asciidoc
+
+
+[[metricbeat-metricset-windows-wmi]]
+=== Windows wmi metricset
+
+beta[]
+
+include::../../../module/windows/wmi/_meta/docs.asciidoc[]
+
+
+:edit_url:
+
+==== Fields
+
+For a description of each field in the metricset, see the
+<<exported-fields-windows,exported fields>> section.
+
+Here is an example document generated by this metricset:
+
+[source,json]
+----
+include::../../../module/windows/wmi/_meta/data.json[]
+----
+:edit_url!:

metricbeat/docs/modules_list.asciidoc

@@ -328,8 +328,9 @@ This file is generated! See scripts/mage/docs_collector.go
 |<<metricbeat-metricset-vsphere-resourcepool,resourcepool>> beta[]  
 |<<metricbeat-metricset-vsphere-virtualmachine,virtualmachine>>   
 |<<metricbeat-module-windows,Windows>>     |image:./images/icon-yes.png[Prebuilt dashboards are available]    |  
-.2+| .2+|  |<<metricbeat-metricset-windows-perfmon,perfmon>>   
+.3+| .3+|  |<<metricbeat-metricset-windows-perfmon,perfmon>>   
 |<<metricbeat-metricset-windows-service,service>>   
+|<<metricbeat-metricset-windows-wmi,wmi>> beta[]  
 |<<metricbeat-module-zookeeper,ZooKeeper>>     |image:./images/icon-yes.png[Prebuilt dashboards are available]    |  
 .3+| .3+|  |<<metricbeat-metricset-zookeeper-connection,connection>>   
 |<<metricbeat-metricset-zookeeper-mntr,mntr>>   

metricbeat/module/windows/_meta/config.reference.yml

@@ -17,3 +17,25 @@
   metricsets: ["service"]
   enabled: true
   period: 60s
+
+- module: windows
+  metricsets: ["wmi"]
+  wmi:
+    include_null: false
+    include_queries: false
+    # Remote WMI's Parameters
+    # host: "myhost.domain"
+    # username: "admin"
+    # password: "admin"
+    # namespace: "root\\cimv2"
+    queries:
+    - class: Win32_OperatingSystem
+      # Leave the fields array empty to retrieve all fields
+      fields:
+       - FreePhysicalMemory
+       - FreeSpaceInPagingFiles
+       - FreeVirtualMemory
+       - 'LocalDateTime'
+       - NumberOfUsers
+      # Narrow the scope of a data
+      where: ""

metricbeat/module/windows/_meta/config.yml

@@ -15,3 +15,20 @@
 #       field: cpu_usage
 #       format: "float"
 #     - name: "Thread Count"
+
+ - module: windows
+#   metricsets:
+#   - wmi
+#   wmi:
+#     # namespace: "root\\cimv2"
+#     queries:
+#     - class: Win32_OperatingSystem
+#       # Leave the fields array empty to retrieve all fields
+#       fields:
+#        - FreePhysicalMemory
+#        - FreeSpaceInPagingFiles
+#        - FreeVirtualMemory
+#        - 'LocalDateTime'
+#        - NumberOfUsers
+#       # Narrow the scope of a data
+#       where: ""

metricbeat/module/windows/wmi/_meta/data.json

@@ -0,0 +1,26 @@
+{
+    "@timestamp": "2024-12-12T15:46:39.622Z",
+    "event": {
+        "dataset": "windows.wmi",
+        "duration": 58982500,
+        "module": "windows"
+    },
+    "metricset": {
+        "name": "wmi",
+        "period": 10000
+    },
+    "service": {
+        "type": "windows"
+    },
+    "windows": {
+        "wmi": {
+            "FreePhysicalMemory": "7537796",
+            "FreeSpaceInPagingFiles": "2257908",
+            "FreeVirtualMemory": "9694064",
+            "NumberOfUsers": 1,
+            "class": "Win32_OperatingSystem",
+            "host": "localhost",
+            "namespace": "root\\cimv2"
+        }
+    }
+}

metricbeat/module/windows/wmi/_meta/docs.asciidoc

@@ -0,0 +1,44 @@
+The `wmi` metricset of the Windows module reads metrics via Windows Management Instrumentation  link:https://learn.microsoft.com/en-us/windows/win32/wmisdk/about-wmi[(WMI)], a core management technology in the Windows Operating system.
+
+By leveraging WMI Query Language (WQL), this metricset allows you to extract detailed
+system information and metrics to monitor the health and performance of Windows
+Systems.
+
+This metricset leverages the link:https://github.com/microsoft/wmi[Microsoft WMI], library a
+convenient wrapper around the link:https://github.com/go-ole[GO-OLE] library which allows to
+invoke the WMI Api.
+
+=== WMI Query Language (WQL) Support
+
+This metricset supports the execution of link:https://learn.microsoft.com/en-us/windows/win32/wmisdk/wql-sql-for-wmi[WQL] queries, a SQL-like query language for retrieving information from WMI namespaces.
+
+As of now, we only support and execute queries with `SELECT`, `FROM` and `WHERE` clauses.
+
+=== Configuration
+
+[source,yaml]
+----
+- module: windows
+  metricsets: ["wmi"]
+  period: 60s
+  namespace: "root\\cimv2" # Namespace
+  queries:
+  - class: Win32_OperatingSystem
+    fields:
+    - FreePhysicalMemory
+    - FreeSpaceInPaginFiles
+    - NumberOfUsers
+    # Where Clasue
+    where: ""
+----
+
+[float]
+=== Compatibility
+
+This module has been tested on the following platform:
+
+- Operating System: Microsoft Windows Server 2019 Datacenter
+- Architecture: x86
+
+Other Windows versions and architectures may also work but have not been explicitly tested.
+

metricbeat/module/windows/wmi/_meta/fields.yml

@@ -0,0 +1,10 @@
+- name: wmi
+  type: group
+  release: beta
+  description: >
+    wmi
+  fields:
+    - name: example
+      type: keyword
+      description: >
+        Example field

metricbeat/module/windows/wmi/config.go

@@ -0,0 +1,92 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+// Config is put into a different package to prevent cyclic imports in case
+// it is needed in several locations
+
+//go:build windows
+
+package wmi
+
+import (
+	"fmt"
+
+	wmiquery "github.com/microsoft/wmi/pkg/base/query"
+)
+
+type Config struct {
+	IncludeQueries bool          `config:"wmi.include_queries"` // Whether to include the query in the document
+	IncludeNull    bool          `config:"wmi.include_null"`    // Whether to include or not nil properties
+	Host           string        `config:"wmi.host"`            // Remote WMI Host
+	User           string        `config:"wmi.username"`        // Username for the Remote WMI
+	Password       string        `config:"wmi.password"`        // Password for the Remote WMI
+	Namespace      string        `config:"wmi.namespace"`       // Namespace for the queries
+	Queries        []QueryConfig `config:"wmi.queries"`         // List of query definitions
+}
+
+type QueryConfig struct {
+	QueryStr string
+	Class    string   `config:"class"`
+	Fields   []string `config:"fields"`
+	Where    string   `config:"where"`
+}
+
+func NewDefaultConfig() Config {
+	return Config{
+		IncludeQueries: false,
+		IncludeNull:    false,
+		Host:           "localhost",
+		Namespace:      WMIDefaultNamespace,
+	}
+}
+
+func (c *Config) ValidateConnectionParameters() error {
+	if c.User != "" && c.Password == "" {
+		return fmt.Errorf("if user is set, password should be set")
+	} else if c.User == "" && c.Password != "" {
+		return fmt.Errorf("if password is set, user should be set")
+	}
+	return nil
+}
+
+func (qc *QueryConfig) compileQuery() {
+	// Let us normalize the case where the array is ['*']
+	// To the Empty Array
+	if len(qc.Fields) == 1 && qc.Fields[0] == "*" {
+		qc.Fields = []string{}
+	}
+
+	query := wmiquery.NewWmiQueryWithSelectList(qc.Class, qc.Fields, []string{}...)
+	queryStr := query.String()
+	// Concatenating the where clause manually, because the library supports only a subset of where clauses
+	// while we want to leverage all filtering capabilities
+	if qc.Where != "" {
+		queryStr += " WHERE " + qc.Where
+	}
+	qc.QueryStr = queryStr
+}
+
+func (c *Config) CompileQueries() error {
+	if len(c.Queries) == 0 {
+		return fmt.Errorf("at least a query is needed")
+	}
+
+	for i := range c.Queries {
+		c.Queries[i].compileQuery()
+	}
+	return nil
+}