We have logstash performing dual feed. The first output writes to Elastic and the second output writes to Azure Sentinel.
There is a clear delta in number of logs sent to Azure Sentinel and Elastic. Elastic receives all the events, and there is a drop on Azure Sentinel.
In terms of troubleshooting, can you please advise on how I can hunt for the drops.
Hi @sta02
Sounds like the problem is happening with Azure. Is there any commonality to the logs that aren't making it to Sentinel, or does it seem random? Could you write the logs to a file and then have Sentinel pick them up?
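One way to act on that suggestion, as an added example rather than anything posted in this thread: have the Logstash `file` output write the same events (JSON lines) that go to Sentinel, export the ids that actually arrived on the Sentinel side, and reconcile the two offline. The script below assumes each event carries a stable `event_id` field (for instance added upstream with Logstash's fingerprint filter) and that you can obtain the list of ids Sentinel received; the file contents and the received-id set are constructed sample data. It reports which events never arrived and breaks the loss down by host and by serialized size, so a pattern (one source, one size class, or lines that were truncated on write) shows up instead of looking random.

```python
"""Reconcile a Logstash file output against the ids seen at a second
destination, to find dropped events and any commonality among them.
Added example for this thread, not code from Logstash or the poster."""
import json
from collections import defaultdict

# Constructed sample of the Logstash `file` output (json_lines codec).
# The `event_id` field is assumed to be added upstream, e.g. by the fingerprint filter.
FILE_OUTPUT_TEXT = "\n".join([
    '{"event_id":"e1","host":"web-01","message":"GET /index.html 200"}',
    '{"event_id":"e2","host":"web-01","message":"GET /login 302"}',
    '{"event_id":"e3","host":"web-02","message":"POST /api 201"}',
    '{"event_id":"e4","host":"fw-01","message":"DENY tcp 10.0.0.5:4444 -> 10.0.0.9:22"}',
    '{"event_id":"e5","host":"fw-01","message":"ALLOW tcp 10.0.0.5:443"}',
    # Two firewall events with an oversized message field (constructed).
    '{"event_id":"e6","host":"fw-01","message":"' + "A" * 40000 + '"}',
    '{"event_id":"e7","host":"fw-01","message":"' + "B" * 40000 + '"}',
    # A line that is not valid JSON, simulating a truncated write.
    '{"event_id":"e8","host":"web-02","message":"GET /health',
])

# Constructed sample: event_ids returned by a query on the destination side.
SENTINEL_IDS = {"e1", "e2", "e3", "e4", "e5"}


def parse_file_output(text):
    """Parse JSON lines; keep unparsable lines visible instead of silently skipping them."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            events.append({"event_id": f"unparsable-line-{n}", "host": "<unparsable>", "_raw": line})
    return events


def find_dropped(events, received_ids):
    """Events present in the file output but absent from the destination."""
    return [ev for ev in events if ev.get("event_id") not in received_ids]


def size_bucket(ev):
    """Coarse size class of the serialized event; size limits are a common drop cause."""
    n = len(json.dumps(ev))
    if n < 1024:
        return "<1KB"
    if n < 32 * 1024:
        return "1-32KB"
    return ">32KB"


def drop_rate_by(events, dropped, key_fn):
    """Per-bucket (dropped, total) counts so buckets with total loss stand out."""
    dropped_ids = {ev.get("event_id") for ev in dropped}
    stats = defaultdict(lambda: [0, 0])
    for ev in events:
        k = key_fn(ev)
        stats[k][1] += 1
        if ev.get("event_id") in dropped_ids:
            stats[k][0] += 1
    return {k: tuple(v) for k, v in stats.items()}


def report(file_text, received_ids):
    """Full reconciliation: totals, missing ids, and loss broken down by host and size."""
    events = parse_file_output(file_text)
    dropped = find_dropped(events, received_ids)
    return {
        "total": len(events),
        "dropped": sorted(ev.get("event_id") or "<no event_id>" for ev in dropped),
        "by_host": drop_rate_by(events, dropped, lambda ev: ev.get("host", "<missing>")),
        "by_size": drop_rate_by(events, dropped, size_bucket),
    }


if __name__ == "__main__":
    r = report(FILE_OUTPUT_TEXT, SENTINEL_IDS)
    print(f"{r['total']} events in file output, {len(r['dropped'])} never reached the destination")
    print("missing ids:", ", ".join(r["dropped"]))
    for name in ("by_host", "by_size"):
        for bucket, (d, t) in sorted(r[name].items()):
            print(f"  {name:8} {bucket:14} dropped {d}/{t}")
```

On the constructed data the breakdown shows that every event over 32 KB and every unparsable line was lost while small events from the same hosts arrived, which is the kind of commonality the reply above asks about; on real data, swap the sample text for the file output and the id set for whatever your Sentinel query returns.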