We recently deployed Elastic Agent with Endpoint Security enabled across an environment and started seeing event logs from months prior to the agent being installed. This is brilliant from a visibility point of view; however, as we rolled out the agents it led to a surge in events, which meant we lost live events from other deployed agents because the stack could not keep up.
This made us curious: is there any reference to how far back the Endpoint Security agent grabs logs, or any sort of configurable limit on the volume of logs that are exported from a single machine?
Thanks in advance,