Bulk_max_size

Elastic Stack Beats
1

Hi,
I would like Winlogbeat to publish singol events, so I tried to set bulk_max_size to 0, but then Winlogbeat didn't start. I tried to set bulk_max_size to -1, in this way Winlogbeat starts but it keeps publishing events in bulk.

How can I do?

output:

  ### Elasticsearch as output
  elasticsearch:
    # Array of hosts to connect to.
    # Scheme and port can be left out and will be set to the default (http and 9200)
    # In case you specify and additional path, the scheme is required: http://localhost:9200/path
    # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
    hosts: ["192.168.1.6:8080"]
    bulk_max_size: -1
2

winlogbeat batches up multiple events into one batch. The publisher does not split batches, and will send them using the bulk api. This is not configurable.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.