Description
Component(s)
receiver/windowseventlog
Is your feature request related to a problem? Please describe.
For data verification and measurement purposes, it would be useful to have access to the original unparsed log, even when using the parsed version. Currently, when Windows Event Log XML data is parsed by the receiver, there is no way to access the original raw log. This impacts our ability to perform accurate data analysis. Without access to the raw logs in the parsed format, there is not a good way to measure the raw log accurately.
Describe the solution you'd like
The raw XML is already being captured in the Original field of the EventXML struct. I propose creating an opt-in boolean option in the config called include_log_record_original. When true, the receiver would put the log's raw XML value into a general log identification attribute: log.record.original.
Describe alternatives you've considered
One alternative is to put the raw log data in an existing field in the formatted body. However, this could interfere with current formatting logic and would create ambiguity about the contents of the body. Using a clearly defined attribute to store the original record follows standard OTEL practice and ensures better clarity.
Additional context
This enhancement would not affect existing parsing logic or output structure. It simply provides an opt-in way to retain the original log content in the parsed format.
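A sketch of the proposed opt-in behaviour, added here as an illustration and not taken from the receiver's code base. The trimmed EventXML fields (other than Original), the parseEvent and buildRecord helpers, the body keys and the sample event are assumptions made for the example.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// EventXML is a trimmed, hypothetical stand-in for the receiver's struct:
// a few parsed fields plus the untouched XML in Original.
type EventXML struct {
	EventID  uint32 `xml:"System>EventID"`
	Channel  string `xml:"System>Channel"`
	Computer string `xml:"System>Computer"`
	Original string `xml:"-"`
}

// Constructed sample event, not taken from a real host.
const sampleEvent = `<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID><Channel>Security</Channel><Computer>host01.example.test</Computer></System></Event>`

// parseEvent unmarshals the XML and keeps the exact input in Original.
func parseEvent(raw string) (EventXML, error) {
	var e EventXML
	if err := xml.Unmarshal([]byte(raw), &e); err != nil {
		return EventXML{}, err
	}
	e.Original = raw
	return e, nil
}

// buildRecord returns the parsed body (hypothetical keys) and the attributes.
// The body is identical either way; only the attribute is opt-in.
func buildRecord(e EventXML, includeLogRecordOriginal bool) (map[string]any, map[string]any) {
	body := map[string]any{"event_id": e.EventID, "channel": e.Channel, "computer": e.Computer}
	attrs := map[string]any{}
	if includeLogRecordOriginal {
		attrs["log.record.original"] = e.Original
	}
	return body, attrs
}

func main() {
	e, err := parseEvent(sampleEvent)
	if err != nil {
		panic(err)
	}
	_, attrs := buildRecord(e, true)
	fmt.Println(len(attrs["log.record.original"].(string)), "raw bytes retained")
}
```

With the option off, the attribute map stays empty and the body is unchanged, which matches the request that existing output not be affected.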