Hello users,
Question here about how much and how old data Elasticsearch is able to retrieve from Winlogbeat.
If I set the ignore older field in the config file for Winlogbeat to be older than 10 days, and install Elasticsearch as a service tomorrow, I want to be able to catch that data, minus 10 days.
It seems as if Elasticsearch is the master and can only retrieve data from when it starts, and disregards whatever the Beat shippers are configured to do.