How do I debug Agent custom logs and ingest pipeline?

I have created a custom log integration on some Windows servers to read the DNS debug logs. The logs get sent to a custom ingest pipeline which parses them into ECS and writes them to a data stream.
I have installed this integration on 6 of my domain controllers with no issues at all, and the logs get ingested fine, and show up in my kibana views etc. HOWEVER, I have reproduced the integration in a different Agent policy that is applied to 8 different DC boxes, and NO data appears in my indexes from these new 8 servers.
There are no obvious error messages in the Agent logs. The custom log definition in the Agent policy is exactly the same. In fact, I cloned the policy from the working Agents and applied the cloned policy to the new 8 DCs, and no luck in seeing any data.
My question is - how do I debug this. How can I determine if the Agent is even opening and reading the DNS logs? If they are, how can I determine if the logs are being sent to the ingest pipeline?

Thanks in advance


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.