Hi, I am having a setup wherein I am sending Win Event logs from my local machine (windows 10) to Elastic cloud (service). My Config: Winglogbeat ->Elastic search -> Kibana. Working on the setup, I need to find the default log sync time and also a method to change the log sync time. Help appreciated (New to Elastic community).
What does log sync time mean to you? And why do you need to change it? Winlogbeat basically reads the logs in real time and sends them to ES as fast as possible.
Hi Andrew,
I want to use smaller sync interval to make clocks respond more quickly to newly generated logs and therefore to speed up the overall system. I want to analyze the effect of changing the sync interval on the time taken to represent the logs in Kibana.
You can modify the parameters for the elasticsearch output to cause it to flush its queue sooner when it is not full. By default it waits up to one second before flushing. If it fills up (50) before the one second it will flush immediately.
See bulk_max_size and flush_interval.
output.elasticsearch:
hosts: ['localhost:9200']
flush_interval: 1s
bulk_max_size: 50
And then once the event is received by Elasticsearch it won't be searchable for up to 1s (the default refresh interval). https://www.elastic.co/guide/en/elasticsearch/guide/2.x/near-real-time.html#refresh-api
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.