Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

introduce new way of getting process name in loki source windows event #2631

Merged
merged 5 commits into from
Feb 10, 2025
Merged

introduce new way of getting process name in loki source windows event #2631

merged 5 commits into from
Feb 10, 2025

Conversation

wildum
Copy link
Contributor

@wildum wildum commented Feb 6, 2025
edited
Loading

PR Description

This PR further reduces the CPU usage of the loki.source.windows component by 70%.

The previous approach was iterating over all processes to find the one corresponding to the received event by comparing the PIDs to retrieve the process name.

The new approach uses the Windows API to query the process name directly using the PID. It also returns directly the names "System" and "Idle Process" which are guaranteed to always have the same PIDs on all Windows machines.

Which issue(s) this PR fixes

Fixes #2615

Notes to the Reviewer

The change was tested by running both the old function and the new function side by side and comparing the results with at least 1_000_000 prod events. No discrepancies were found between the two versions.
Profiles showed an improvement of more than 70% compared to the version on main.

Additional manual tests were done locally to test different types of events.

PR Checklist

  • CHANGELOG.md updated
  • [na] Documentation added
  • [na] Tests updated
  • [na] Config converters updated

@wildum wildum marked this pull request as ready for review February 6, 2025 14:53
@wildum wildum requested a review from a team as a code owner February 6, 2025 14:53
@ptodev ptodev mentioned this pull request Feb 10, 2025
Open
@wildum wildum merged commit 7e3e854 into main Feb 10, 2025
30 checks passed
@wildum wildum deleted the improve-get-process-name-windowsevent branch February 10, 2025 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptodev ptodev ptodev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improve process name retrieval in loki.source.windowsevent
2 participants
@wildum @ptodev