Andrew Kroh

Results 42 comments of Andrew Kroh

I was curious what go-sysconf did for this since it claims to not use cgo. https://github.com/tklauser/go-sysconf/blob/0dc6a3a166617b00a369c95264f8ee435c0a4910/sysconf_linux.go#L19-L26

```go
const (
	// CLK_TCK is a constant on Linux for all architectures except...
```

No, it cannot be closed. There are many features of Auditbeat that work on macOS, but reading macOS audit data from the auditpipe is not one of them yet.

I recommend thinking a little about the observability of the input itself. 1. Are there any metrics that would be useful to expose? If so I recommend to register a...

I was testing the input from b053b4c60f6 and I encountered some issues, but I was able to prove out the concept that I was testing 😄. I was using...

The expvar metricset does not have a mapping. Plus it allows for a custom namespace (golang.filebeat in my case) so mapping those fields is even more of a challenge. ```...

I do think an explicit configuration is needed to avoid a breaking change. How about requiring this to split an array of objects (inspired by `jq`): `expand_event_list_from_field: .[]`

This seems like a bug in Go (at least for the handling of `WSAEMSGSIZE`) where it should return the raw sock addr and an error. https://github.com/golang/go/blob/849b7911293c3cb11d76ff2778ed560100f987d1/src/internal/poll/fd_windows.go#L590 For the syslog use...

> keep trying to subscribe, which will also prevent it from terminating in the more common case of a channel not existing in the system

IIRC Winlogbeat only terminates if...

@kowalczyk-p What version of Filebeat? Do you have [Sysmon](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon) installed? If you don't then this is the expected behavior.