Logstash version: 6.3.2
Hello, in order to process Netflow logs I installed Elastiflow which requires use of a different pipeline; the only changes I made was to comment out path.config in the logstash.yaml file and add the following to pipelines.yml:
- pipeline.id: default
path.config: "/usr/local/etc/logstash/logstash.conf"
- pipeline.id: elastiflow
path.config: "/usr/local/etc/logstash/elastiflow/logstash/elastiflow/conf.d/*.conf"
I don't think this worked as looking at the logstash-plain.log file shows that it doesn't start the elastiflow pipeline, however my question concerns log collection; I'm collecting Windows event logs via winlogbeat which is usually something like 200,000 logs every 15 minutes when running with the main pipeline, but when I enable multiple pipelines that collection rate drops to around 28,000 logs every 15 minutes.
Can anyone tell me why this is happening?