Question about winlogbeat/Logstash

Maekee · September 4, 2017, 2:49pm

Hi,

If i Point to a winlog that have about 1,5 million entries with winlogbeat, do i see the events in kibana as they arrive or do they appear in chunks.

Because i Point to a winlog provider called Microsoft-Windows-Base-Filtering-Engine-Connections/Operational and it has about 1,5 million entries.. but they dont appear in Kibana.

If i check the logs for winlogbeat i see many rows of this:
2017-09-04T16:45:28+02:00 INFO EventLog[Microsoft-Windows-Base-Filtering-Engine-Connections/Operational] Successfully published 100 events

But nothing in Kibana.. soo... are Logstash working with them/dropping them? or does it just take a while?

system · October 2, 2017, 2:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat only last log shows in Kibana Beats winlogbeat	6	485	November 29, 2018
Winlogbeat and huge Windows Security Log Beats winlogbeat	3	3633	November 28, 2016
Question about log with winlogbeat and logstash Beats winlogbeat	3	432	February 5, 2019
Sending Windows logs to Elastic Search or Logstash and viewing Windows event logs in Kibana Elasticsearch	1	3511	May 8, 2019
No Logs appearing in Kibana Kibana	16	554	July 17, 2023

Question about winlogbeat/Logstash

Related topics