Hi Community,
When I ship Windows Event Logs from a Windows Event Collector log that contains logs where the provider is not registered on the WEC to Elasticsearch using Winlogbeat (v 8.9.0), the performance is so poor that the majority of events are lost.
I can work around this issue by either registering every single event log provider on the WEC or by setting event_logs.api to wineventlog-experimental.
Since I was able to reproduce the issue using the PowerShell cmdlet Get-WinEvent, I opened a Microsoft Q&A question, but haven't received an answer that solves my issue so far. So I thought maybe someone from this community has faced the same issue and could give me advice on how to deal with this situation.
Thanks in advance