https://github.com/osquery/osquery/blob/master/osquery/tables/events/windows/windows_events.cpp for instance this is one of the tables/subscribers for the events that

windowseventlogpublisher

creates. There are multiple tables that will receive those events, and which receives what event is chosen by the

shouldFire

function in the publisher, which as you can see uses the event channel name that a subscriber listens to. Each subscriber selects the channels in their

init

function and put them in

channel_list

which is later used in

shouldFire

Thanks a lot!