For the System integration for elastic-agent, I was curious if we could filter by log level, or eliminate various Event IDs that we may not want to collect due to noise. Collection of all informational logs at scale is just too much.
By default, does it collect every informational message for Application and Security logs, or are there any types of paths or specific Event IDs that it does not parse?
In beats, we could specify the informational level and also use a processor for event IDs to drop, but I am not seeing that in the options for the built-in System integration.
The integration might need to be adjusted accordingly so as to include these options too, so thank you for reporting this. @MarianaD do you think we can add such options to the package?