I am collecting Windows Security Event Logs from a Windows machine using Winlogbeat, and that is sending to my box that hosts Logstash fine, but for some reason or another, the Security log events are getting stuck in LS's persistent queue (checked page file in /queue/main).
I am not seeing any errors in the LS or ES log.
Other Windows event logs get read in correctly (Application/System) and I can find them in Kibana without issue. Does anyone have any advice or suggestions to resolve this issue?
Winlogbeat version: 6.1.3
ES/LS version: 6.1.3
Thanks,
Cappy