Add support for "Event" eventType (#83)

* Implement WindowsEventType and its tests

* Add WindowsEventType to NLFPlugin.syslogMessage

Author: MoonBow-1

src/main/java/com/teragrep/nlf_01/NLFPlugin.java

@@ -119,6 +119,9 @@ else if (jsonObject.getString("Type").equals("ContainerAppConsoleLogs")) {
             else if (jsonObject.getString("Type").equals("DataverseActivity")) {
                 eventTypes.add(new DataverseActivityType(parsedEvent, realHostname, componentNameForPartitions));
             }
+            else if (jsonObject.getString("Type").equals("Event")) {
+                eventTypes.add(new WindowsEventType(parsedEvent, realHostname, componentNameForPartitions));
+            }
             else if (jsonObject.getString("Type").equals("FunctionAppLogs")) {
                 eventTypes.add(new FunctionAppLogsType(parsedEvent, realHostname, componentNameForPartitions));
             }

src/main/java/com/teragrep/nlf_01/types/WindowsEventType.java

@@ -0,0 +1,159 @@
+/*
+ * Teragrep Neon log format plugin for AKV_01
+ * Copyright (C) 2025 Suomen Kanuuna Oy
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ *
+ * Additional permission under GNU Affero General Public License version 3
+ * section 7
+ *
+ * If you modify this Program, or any covered work, by linking or combining it
+ * with other code, such other code is not for that reason alone subject to any
+ * of the requirements of the GNU Affero GPL version 3 as long as this Program
+ * is the same Program as licensed from Suomen Kanuuna Oy without any additional
+ * modifications.
+ *
+ * Supplemented terms under GNU Affero General Public License version 3
+ * section 7
+ *
+ * Origin of the software must be attributed to Suomen Kanuuna Oy. Any modified
+ * versions must be marked as "Modified version of" The Program.
+ *
+ * Names of the licensors and authors may not be used for publicity purposes.
+ *
+ * No rights are granted for use of trade names, trademarks, or service marks
+ * which are in The Program if any.
+ *
+ * Licensee must indemnify licensors and authors for any liability that these
+ * contractual assumptions impose on licensors and authors.
+ *
+ * To the extent this program is licensed as part of the Commercial versions of
+ * Teragrep, the applicable Commercial License may apply to this file if you as
+ * a licensee so wish it.
+ */
+package com.teragrep.nlf_01.types;
+
+import com.teragrep.akv_01.event.ParsedEvent;
+import com.teragrep.akv_01.plugin.PluginException;
+import com.teragrep.nlf_01.util.ASCIIString;
+import com.teragrep.nlf_01.util.DefaultSDElements;
+import com.teragrep.nlf_01.util.MD5Hash;
+import com.teragrep.nlf_01.util.ResourceId;
+import com.teragrep.nlf_01.util.SDElements;
+import com.teragrep.nlf_01.util.ValidKey;
+import com.teragrep.nlf_01.util.ValidRFC5424AppName;
+import com.teragrep.nlf_01.util.ValidRFC5424Hostname;
+import com.teragrep.nlf_01.util.ValidRFC5424Timestamp;
+import com.teragrep.nlf_01.util.ValidStringKey;
+import com.teragrep.rlo_14.Facility;
+import com.teragrep.rlo_14.SDElement;
+import com.teragrep.rlo_14.Severity;
+import jakarta.json.JsonObject;
+import java.util.Set;
+
+public final class WindowsEventType implements EventType {
+
+    private final ParsedEvent parsedEvent;
+    private final String realHostname;
+    private final String componentNameForPartitions;
+
+    public WindowsEventType(
+            final ParsedEvent parsedEvent,
+            final String realHostname,
+            final String componentNameForPartitions
+    ) {
+        this.parsedEvent = parsedEvent;
+        this.realHostname = realHostname;
+        this.componentNameForPartitions = componentNameForPartitions;
+    }
+
+    @Override
+    public Severity severity() {
+        return Severity.NOTICE;
+    }
+
+    @Override
+    public Facility facility() {
+        return Facility.AUDIT;
+    }
+
+    @Override
+    public String hostname() throws PluginException {
+        final JsonObject record = parsedEvent.asJsonStructure().asJsonObject();
+
+        final ValidKey<String> validKey = new ValidStringKey(record, "_Internal_WorkspaceResourceId");
+
+        final String resourceId = validKey.value();
+
+        return new ValidRFC5424Hostname(
+                "md5-".concat(new MD5Hash(resourceId).md5().concat("-").concat(new ASCIIString(new ResourceId(resourceId).resourceName()).withNonAsciiCharsRemoved()))
+        ).hostnameWithInvalidCharsRemoved();
+
+    }
+
+    @Override
+    public String appName() throws PluginException {
+        final JsonObject record = parsedEvent.asJsonStructure().asJsonObject();
+
+        return new ValidRFC5424AppName(new ValidStringKey(record, "Source").value()).appName();
+    }
+
+    @Override
+    public long timestamp() throws PluginException {
+        final JsonObject record = parsedEvent.asJsonStructure().asJsonObject();
+
+        final ValidKey<String> validKey = new ValidStringKey(record, "TimeGenerated");
+
+        return new ValidRFC5424Timestamp(validKey.value()).validTimestamp();
+    }
+
+    @Override
+    public Set<SDElement> sdElements() throws PluginException {
+        final SDElements defaultSDElements = new DefaultSDElements(
+                parsedEvent,
+                realHostname,
+                this.getClass(),
+                componentNameForPartitions
+        );
+        final Set<SDElement> elems = defaultSDElements.sdElements();
+
+        final JsonObject mainObject = parsedEvent.asJsonStructure().asJsonObject();
+
+        final ValidKey<String> validKey = new ValidStringKey(mainObject, "_ResourceId");
+        final String resourceId = validKey.value();
+
+        // Append the origin of this event to the DefaultSDElements
+        elems.add(new SDElement("origin@48577").addSDParam("_ResourceId", resourceId));
+
+        return elems;
+    }
+
+    @Override
+    public String msgId() throws PluginException {
+        final String sequenceNumber;
+        if (!parsedEvent.systemProperties().isStub()) {
+            sequenceNumber = String.valueOf(parsedEvent.systemProperties().asMap().getOrDefault("SequenceNumber", ""));
+        }
+        else {
+            sequenceNumber = "";
+        }
+        return sequenceNumber;
+    }
+
+    @Override
+    public String msg() throws PluginException {
+        return parsedEvent.asString();
+    }
+}

src/test/java/com/teragrep/nlf_01/NLFPluginTest.java

@@ -79,6 +79,7 @@
 import com.teragrep.nlf_01.types.PowerPlatformAdminActivityType;
 import com.teragrep.nlf_01.types.SQLSecurityAuditEventsType;
 import com.teragrep.nlf_01.types.SyslogType;
+import com.teragrep.nlf_01.types.WindowsEventType;
 import com.teragrep.nlf_01.util.Sourceable;
 import com.teragrep.rlo_14.SDElement;
 import com.teragrep.rlo_14.SDParam;
@@ -504,6 +505,39 @@ void dataverseActivityType() {
         Assertions.assertTrue(sdElementMap.get("aer_event@48577").containsKey("properties"));
     }
 
+    @Test
+    void windowsEventTypeTest() {
+        final String json = Assertions
+                .assertDoesNotThrow(() -> Files.readString(Paths.get("src/test/resources/windows_event.json")));
+        final ParsedEvent parsedEvent = new ParsedEventFactory(
+                new UnparsedEventImpl(json, new EventPartitionContextImpl(new HashMap<>()), new EventPropertiesImpl(new HashMap<>()), new EventSystemPropertiesImpl(new HashMap<>()), new EnqueuedTimeImpl("2020-01-01T00:00:00"), new EventOffsetImpl("0"))
+        ).parsedEvent();
+
+        final NLFPlugin plugin = new NLFPlugin(new FakeSourceable());
+        final List<SyslogMessage> syslogMessages = Assertions
+                .assertDoesNotThrow(() -> plugin.syslogMessage(parsedEvent));
+        Assertions.assertEquals(1, syslogMessages.size());
+
+        final SyslogMessage syslogMessage = syslogMessages.get(0);
+        Assertions.assertEquals("md5-0ded52ef915af563e25778bf26b0f129-resourceName", syslogMessage.getHostname());
+        Assertions.assertEquals("Windows", syslogMessage.getAppName());
+        Assertions.assertEquals("2020-01-01T01:02:34.567Z", syslogMessage.getTimestamp());
+        Assertions.assertEquals(json, syslogMessage.getMsg());
+        final Map<String, Map<String, String>> sdElementMap = syslogMessage
+                .getSDElements()
+                .stream()
+                .collect(Collectors.toMap((SDElement::getSdID), (sdElem) -> sdElem.getSdParams().stream().collect(Collectors.toMap(SDParam::getParamName, SDParam::getParamValue))));
+
+        Assertions
+                .assertEquals(
+                        "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}",
+                        sdElementMap.get("origin@48577").get("_ResourceId")
+                );
+        Assertions
+                .assertEquals(WindowsEventType.class.getSimpleName(), sdElementMap.get("nlf_01@48577").get("eventType"));
+        Assertions.assertTrue(sdElementMap.get("aer_event@48577").containsKey("properties"));
+    }
+
     @Test
     void adfActivityRunType() {
         final String json = Assertions