From 9b0a3a8b39ab505cd364349a2e03974219be83d3 Mon Sep 17 00:00:00 2001 From: Hiroshi Hatake Date: Fri, 5 Apr 2024 17:02:39 +0900 Subject: [PATCH 1/3] in_winevtlog: Add a description for threshold_size Signed-off-by: Hiroshi Hatake --- pipeline/inputs/windows-event-log-winevtlog.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pipeline/inputs/windows-event-log-winevtlog.md b/pipeline/inputs/windows-event-log-winevtlog.md index f55248945..a985ef25f 100644 --- a/pipeline/inputs/windows-event-log-winevtlog.md +++ b/pipeline/inputs/windows-event-log-winevtlog.md @@ -17,6 +17,7 @@ The plugin supports the following configuration parameters: | Render\_Event\_As\_XML | Whether to render system part of event as XML string or not. \(optional\) | False | | Use\_ANSI | Use ANSI encoding on eventlog messages. If you have issues receiving blank strings with old Windows versions (Server 2012 R2), setting this to True may solve the problem. \(optional\) | False | | Event\_Query | Specify XML query for filtering events. | `*` | +| Threshold\_Size| Specify threshold size per a cycle. (\optional\) | | Note that if you do not set _db_, the plugin will tail channels on each startup. @@ -40,6 +41,10 @@ Here is a minimum configuration example. Note that some Windows Event Log channels \(like `Security`\) requires an admin privilege for reading. In this case, you need to run fluent-bit as an administrator. +The default value of Threshold\_Size is set up as 512KiB. +Note that 512KiB(= 0x7ffff = 512 * 1024 * 1024) does not equals to 512KB (= 512 * 1000 * 1000). +To increase events per second on this plugin, specify larger value than 512KiB. + #### Query Languages for Event_Query Parameter The `Event_Query` parameter can be used to specify the XML query for filtering Windows EventLog during collection. From 822a05737aba36de271fcf1ce1a945ee12e16ffd Mon Sep 17 00:00:00 2001 
From: Hiroshi Hatake Date: Tue, 9 Apr 2024 14:32:28 +0900 Subject: [PATCH 2/3] in_winevtlog: Follow the change of parameter name Signed-off-by: Hiroshi Hatake --- pipeline/inputs/windows-event-log-winevtlog.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pipeline/inputs/windows-event-log-winevtlog.md b/pipeline/inputs/windows-event-log-winevtlog.md index a985ef25f..d452c8b5b 100644 --- a/pipeline/inputs/windows-event-log-winevtlog.md +++ b/pipeline/inputs/windows-event-log-winevtlog.md @@ -17,7 +17,7 @@ The plugin supports the following configuration parameters: | Render\_Event\_As\_XML | Whether to render system part of event as XML string or not. \(optional\) | False | | Use\_ANSI | Use ANSI encoding on eventlog messages. If you have issues receiving blank strings with old Windows versions (Server 2012 R2), setting this to True may solve the problem. \(optional\) | False | | Event\_Query | Specify XML query for filtering events. | `*` | -| Threshold\_Size| Specify threshold size per a cycle. (\optional\) | | +| Read\_Limit\_Per\_Cycle | Specify reading limitation per a cycle. (\optional\) | | Note that if you do not set _db_, the plugin will tail channels on each startup. @@ -41,7 +41,7 @@ Here is a minimum configuration example. Note that some Windows Event Log channels \(like `Security`\) requires an admin privilege for reading. In this case, you need to run fluent-bit as an administrator. -The default value of Threshold\_Size is set up as 512KiB. +The default value of Read\_Limit\_Per\_Cycle is set up as 512KiB. Note that 512KiB(= 0x7ffff = 512 * 1024 * 1024) does not equals to 512KB (= 512 * 1000 * 1000). To increase events per second on this plugin, specify larger value than 512KiB. From c9104b2b8fad9056f565d002476d369d5b5614d0 Mon Sep 17 00:00:00 2001 From: Hiroshi Hatake Date: Wed, 10 Apr 2024 16:52:32 +0900 Subject: [PATCH 3/3] Simplify the description and add the devault value for read_limit_per_cycle Co-authored-by: Pat 
Signed-off-by: Hiroshi Hatake --- pipeline/inputs/windows-event-log-winevtlog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline/inputs/windows-event-log-winevtlog.md b/pipeline/inputs/windows-event-log-winevtlog.md index d452c8b5b..2edaaee4b 100644 --- a/pipeline/inputs/windows-event-log-winevtlog.md +++ b/pipeline/inputs/windows-event-log-winevtlog.md @@ -17,7 +17,7 @@ The plugin supports the following configuration parameters: | Render\_Event\_As\_XML | Whether to render system part of event as XML string or not. \(optional\) | False | | Use\_ANSI | Use ANSI encoding on eventlog messages. If you have issues receiving blank strings with old Windows versions (Server 2012 R2), setting this to True may solve the problem. \(optional\) | False | | Event\_Query | Specify XML query for filtering events. | `*` | -| Read\_Limit\_Per\_Cycle | Specify reading limitation per a cycle. (\optional\) | | +| Read\_Limit\_Per\_Cycle | Specify read limit per cycle. | 512KiB | Note that if you do not set _db_, the plugin will tail channels on each startup.
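Review bot: in the added table row of the first hunk of PATCH 1/3, `(\optional\)` has the backslash after the opening parenthesis, unlike the `\(optional\)` used in the rows above it, so it will render with a stray backslash. The Default cell is also empty even though the second hunk of the same patch states a default of 512KiB. PATCH 2/3 repeats the same escaping in its `+` row and only PATCH 3/3 resolves both points; consider squashing the series so that no intermediate revision of the page carries the broken row.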
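Review bot: the size arithmetic in the second hunk of PATCH 1/3 is wrong, in the added line `Note that 512KiB(= 0x7ffff = 512 * 1024 * 1024) ...`, and PATCH 2/3 keeps that line unchanged as context, so it survives the series. 512 KiB is 512 * 1024 = 524288 bytes, which is 0x80000; `0x7ffff` is 524287, and `512 * 1024 * 1024` is 512 MiB. Likewise 512 KB is 512 * 1000 bytes, not `512 * 1000 * 1000`. Suggested wording: `Note that 512KiB (= 0x80000 = 512 * 1024 bytes) is not equal to 512KB (= 512 * 1000 bytes).`, which also fixes "does not equals to". If the limit in the plugin really is 0x7ffff, state that value directly instead of equating it with 512KiB.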
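Review bot: the final description in the `+` row of PATCH 3/3, `Specify read limit per cycle.`, does not say what is limited, in which unit, or which value syntax the parameter accepts. The paragraph added in PATCH 1/3 tells readers to "specify larger value than 512KiB" to raise events per second, so anyone tuning collection from a busy channel such as `Security` needs to know whether to write a byte count or a suffixed size; please state the unit and show one example value in the table row or the paragraph. The default is now given in both the table and the prose, so keep the two in agreement or drop one. The subject line of this commit also has the typo "devault".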