Winlogbeat 8.4.3, set to log about itself to eventlog
logging.level: info
logging.selectors: ["*"]
logging.to_eventlog: true
logging.metrics.period: 5m
Every now and then on startup, winlogbeat will go nuts on a host and send ~250k errors a minute about itself until it is manually restarted. It seems to mostly occur on Monday mornings when the host has been off (or sleeping) for a couple of days.
Sample Error (they are all identical but for the timestamp):
{"log.level":"error","@timestamp":"2022-11-28T10:42:44.060-0500","log.origin":
{"file.name":"eventlog/wineventlog.go","file.line":335},"message":"WinEventLog[Application]
error salvaging message: failed in EvtFormatMessage: The handle is invalid.","ecs.version":"1.6.0"}
It's only happening on a few hosts but the log volume is significant. We'd like to get a handle on what's going on - more than a handful of these would quickly overwhelm us.
I haven't found any information in my searching, thanks in advance for any advice.