Time interval for sending logs using Winlogbeat

Hi,

I'm using the Winlogbeat for log shipping into elasticsearch. But I don't want to send the logs continuously into elasticsearch. I need to send only every half hour once. So, Please suggest me How to do that.

Thanks in Advance.

That's not really how Beats were designed to work. They are designed to ship logs off of the endpoint as soon as possible. When new events are available it reads them and ships them. I'm curious why you only want to send them every 30 minutes?

Because I will plan to connected 1k more pcs to single elk server. In Such case, For reducing the data load, I asked.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.