Feature Request: Intelligent Polling with Backoff for Windows Event Log Receiver #44102
Description
Component(s)
receiver/windowseventlog
Is your feature request related to a problem? Please describe.
Yes. The Windows Event Log receiver currently uses a fixed polling interval (poll_interval), which results in inefficient resource usage. High volume systems require collector config tuning in order to operate efficiently.
-
When there are many events available, the receiver reads up to
max_readsevents, then waits for the fullpoll_intervalbefore checking again. This creates unnecessary delays in processing high-volume event streams. -
When there are few or no events, the receiver continues polling at the fixed interval.
Describe the solution you'd like
Implement intelligent polling with exponential backoff that adapts to event volume:
-
If a read operation returns the maximum number of configured events (
max_reads), immediately perform another read without any delay. This ensures high-volume event streams are processed as quickly as possible. -
If a read operation returns fewer than
max_readsevents, begin exponential backoff before the next read attempt. -
The maximum backoff interval should be capped at the configured
poll_interval.**
The function readOnInterval is structured in a way that would easily allow backoff to be introduced using the github.com/cenkalti/backoff package.
**The goal is to keep the user interface the same. I am open to discussion here, we could implement new config options that allow users to opt into the new backoff behavior.
Describe alternatives you've considered
The alternative is to configure the poll interval to a very low value, ensuring the configuration works well on high volume and low volume systems.
Additional context
I am happy to contribute this change if the proposal is accepted.
Tip
React with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding +1 or me too, to help us triage it. Learn more here.