Skip to content

ETW receiver with control path and session #2930

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
swashtek wants to merge 17 commits into
base: main
Choose a base branch
from
Open

ETW receiver with control path and session #2930

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
c6fd443
ETW control channel scaffolding
swashtek May 6, 2026
ce46830
Add etw data path with session creation using one-collect fork change
swashtek May 7, 2026
248b735
Address comments
swashtek May 12, 2026
68754c8
Move ETW receiver from core-nodes to contrib-nodes
swashtek May 12, 2026
61515b4
Merge branch 'open-telemetry:main' into Add/etw_data_path
swashtek May 12, 2026
f8e4748
Add multi core fan out to ETW receiver
swashtek May 13, 2026
1ed3e22
Merge branch 'open-telemetry:main' into Add/etw_data_path
swashtek May 13, 2026
f8a6c95
Additonal coments on code quality
swashtek May 15, 2026
d861d2a
Fix regression at startup for first events, remove stale comment
swashtek May 18, 2026
acba6ba
Merge branch 'main' into Add/etw_data_path
swashtek May 18, 2026
3538ccd
Apply suggestion from @utpilla
utpilla May 18, 2026
69c2dbc
Typo and cargo toml conflict fix
swashtek May 18, 2026
08e33ef
Merge branch 'Add/etw_data_path' of https://github.com/swashtek/otel-…
swashtek May 18, 2026
52fac0b
Fix failed clippy checks
swashtek May 19, 2026
219ee56
Merge branch 'main' into Add/etw_data_path
swashtek May 19, 2026
88e8a10
Merge branch 'main' into Add/etw_data_path
swashtek May 19, 2026
645fcda
Merge branch 'open-telemetry:main' into Add/etw_data_path
swashtek May 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions rust/otap-dataflow/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,7 @@ xxhash-rust = { version = "0.8", features = ["xxh3"] }
zip = "=8.6.0"
byte-unit = { version = "5.2.0", features = ["serde"] }
cpu-time = "1.0.0"
one_collect = { git = "https://github.com/microsoft/one-collect.git", rev = "cfe3f78" }
Copy link
Copy Markdown
Member

@lalitb lalitb May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit - Can we use the full commit SHA here - would keep this consistent and easier to audit later.


azure_core = {version = "0.35.0", default-features = false }
azure_identity = {version = "0.35.0", default-features = false }
Expand Down Expand Up @@ -302,6 +303,8 @@ contrib-processors = ["otap-df-contrib-nodes/contrib-processors"]
condense-attributes-processor = ["otap-df-contrib-nodes/condense-attributes-processor"]
recordset-kql-processor = ["otap-df-contrib-nodes/recordset-kql-processor"]
resource-validator-processor = ["otap-df-contrib-nodes/resource-validator-processor"]
# Contrib receivers (opt-in) - Windows-only
etw-receiver = ["otap-df-contrib-nodes/etw-receiver"]

[lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tarpaulin_include)'] }
Expand Down
39 changes: 39 additions & 0 deletions rust/otap-dataflow/configs/etw-console.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# ETW to Console pipeline
#
# Subscribes to Windows ETW providers and prints events to the console.
#
# Usage (run as Administrator for ETW access):
# cargo run --features etw-receiver -- -c configs/etw-console.yaml
#
# The receiver captures raw ETW events from the configured providers
# and emits summary as an internal log/event. Full Arrow encoding is a TODO.


version: otel_dataflow/v1
engine: { }
policies:
resources:
core_allocation:
type: core_count
count: 4
groups:
default:
pipelines:
main:
nodes:
etw:
type: receiver:etw
config:
session_name: "OtelArrowETW"
providers:
# Microsoft-Windows-Kernel-Process
- guid: "22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716"
level: information
console:
type: exporter:console
config: {}

connections:
- from: etw
to: console

10 changes: 6 additions & 4 deletions rust/otap-dataflow/crates/contrib-nodes/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,15 +55,17 @@ reqwest = { workspace = true, optional = true, features = ["rustls-no-provider"]
sysinfo = { workspace = true, optional = true }
urlencoding = { workspace = true, optional = true }

[target.'cfg(windows)'.dependencies]
one_collect = { workspace = true, optional = true }

[target.'cfg(target_os = "linux")'.dependencies]
# TODO: Remove this pinned git dependency once one-collect is upstream in the
# normal dependency graph and no longer needs to be pulled directly here. The
# pinned commit is from 2026-04-10.
one_collect = { git = "https://github.com/microsoft/one-collect.git", rev = "9292caacaddf9ff9e4fbdf77bc62b5ec25494c84", features = ["scripting"], optional = true }
one_collect = { workspace = true, optional = true }
Copy link
Copy Markdown
Member

@lalitb lalitb May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit - small cleanup

  [target.'cfg(any(windows, target_os = "linux"))'.dependencies]
  one_collect = { workspace = true, optional = true }

tracepoint_decode = { workspace = true, optional = true }

[features]
etw-receiver = ["dep:one_collect"]
contrib-receivers = [
Comment thread
swashtek marked this conversation as resolved.
"etw-receiver",
"user_events-receiver",
]
user_events-receiver = [
Expand Down
Loading
Loading