I'm wondering if and how Filebeat can guarantee at least once delivery with an udp input? If we would restart Filebeat, will Palo Alto logs send to it, get lost?
It can only guarantee delivery of what it receives, not everything that is sent over UDP as UDP does not offer any delivery guarantees. If the listening process was shut down or restarted logs could be lost. If you want to avoid data loss - avoid UDP.
Then I guess there is no way to completely avoid data loss or guarantee delivery to Filebeat.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.