Release 1.8

• When running in a container, GOMAXPROCS is set to the CPU quota
• Truncating strings better handles Unicode characters
• Handling errorlog_written messages is significantly improved
  • Save the raw message in errorlog_raw
  • Don't capture errorlog_date and errorlog_time. The date was being forced to UTC which is often wrong.
  • Parse error strings for any error event, not just login failures. These are stored in error_number, severity, and state.
  • Trim most strings to 8000 characters. A few such as errorlog_process are trimmed to a shorter length.
• For errorlog_written and error_reported events, if it finds text like [CLIENT: 10.10.1.1], it will save the address in xe_client_address
• Update new builds to GO 1.22.5
• The username and password fields for Defaults, Sources, and the Elastic Sink can be set to an environment variable. That looks like this: password="$(env:VARIABLE_NAME)".

Release 1.7.9-rc0

v1.7.9

Release 1.7.8

• Improve errorlog_written event parsing to populate any error_number, severity, or state that it can parse out
• Add a sampler sink. This writes sample events. It is primarily used during development or pre-deployment to work on JSON format.
• Improve handling bad offsets in event files. Try to read past to the next good event in more conditions.
• File Sink: Clean up old event files at the start
• Additional testing against SQL Server on Linux, SQL Server 2022 CTP2, and SQL Server running in Docker
• Set beta_features to true in the app settings section to add the following calculated fields: cpu_time_sec, logical_reads_mb, physical_reads_mb, writes_mb, and duration_sec. See the Beta Features section for more details.

Release 1.7.7

• Improve errorlog_written parsing to populate any error_number, severity, or state
• Add a sampler sink. This writes sample events. It is primarily used during development or pre-deployment to work on JSON format.
• Improve handling bad offsets in event files. Try to read past to the next good event in more conditions.
• File Sink: Clean up old event files at the start

Release 1.7.6

• Capture Availability Groups in mssql_ag and Listeners in mssql_ag_listener. These are both multi-value fields.
• Fields can be upper or lower case. Use the lowercase=["fld1", "fld2"] to list the fields that should be lower case. Use uppercase for uppercase.
• hadr_trace_message events populate the xe_description field

Release 1.7.5 Release Candidate

• Capture Availability Groups in mssql_ag and Listeners in mssql_ag_listener. These are both multi-value fields.
• Fields can be upper or lower case. Use the lowercase=["fld1", "fld2"] to list the fields that should be lower case. Use uppercase for uppercase.
• hadr_trace_message events populate the xe_description field

Release 1.7.4

Updated the README for this version

Release 1.7.3

• BUG: Sources specified in sqlxewriter_source.toml files weren't processing their add, moves, etc
• Comment out unused code
• FEATURE: Handle "attention" events

Release 1.7.2

Update github.com/tidwall/gjson to 1.9.4 to fix potential DOS issue

Release 1.7.1

Added xe_category to group similar events together