Hi,
If i Point to a winlog that have about 1,5 million entries with winlogbeat, do i see the events in kibana as they arrive or do they appear in chunks.
Because i Point to a winlog provider called Microsoft-Windows-Base-Filtering-Engine-Connections/Operational and it has about 1,5 million entries.. but they dont appear in Kibana.
If i check the logs for winlogbeat i see many rows of this:
2017-09-04T16:45:28+02:00 INFO EventLog[Microsoft-Windows-Base-Filtering-Engine-Connections/Operational] Successfully published 100 events
But nothing in Kibana.. soo... are Logstash working with them/dropping them? or does it just take a while?