because you last worked on this code with

Question

< alessandrogario> because you last worked on this code with the big event batching refactor slightly smiling face Or others It appears that the `windows events` table does not pull in the `Computer` field I believe this is where it would be pulled out The `Computer` field is extremely important because it is the hostname of the system that the log was originally generated on it s common to aggregate Windows eventlogs to a few Windows systems using Windows Eventlog Forwarding WEF and then ship those to the backend system using something like Winlogbeat Osquery etc Without the `Computer` field the backend system has no idea of where the original log came from Further ref

Juan Alvarez · Answer

+1 to this slightly smiling face I actually opened a FR some time ago <https github com osquery osquery issues 6726>

seph · Answer

I haven t stared at the code but it sounds reasonable and like a small patch Either of you want to submit a PR

defensivedepth · Answer

I could certainly try slightly smiling face

defensivedepth · Answer

Just took at a stab it at <https github com osquery osquery pull 6952>