I have cloudflare integration set up and configured both audit logs and logpull logs, for some time it worked without a problem but couple days ago logpull logs stopped coming in. Nothing has been changed in integration configuration, except it was updated some time ago to the newest version. Only can't remember now if it was on date logs stopped coming in or other date.
On the other side audit logs (user logon, config change etc) continue to come in.
Strangest thing is that agent logs are showing that events where published
(request finished: 14163 events published) and looking at indices I see that file keeps growing. At the same time there is also message "Non-zero metrics in the last 30s".
What is ur polling interval for the logpull? Other people have reported issues that the interval needs to be very small as a hour could have too much data and can overwhelm the agent.
Default polling interval is 5min but I have changed it to 1min.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.