Hello, I'm about to install Winlogbeat on some of our production servers as part of testing Elastic Stack and I was wondering if Winlogbeat provides any indicator of not being able to keep up with the Windows event log message generation rate, i.e. the event logs are generated so fast that Winlogbeat can't collect them quickly enough.
I ask because in my previous job we used a proprietary SIEM solution and the agent would have trouble keeping up with the Domain Controller security log which was constantly thrashed - if it couldn't keep up there would be an alert on the console.
Is there any way Winlogbeat will let me know if it can't keep up with the event log message rate?
Thanks.