Recently upgraded from 7.15.1 to 7.17.x and then to 8.latest.
From then on, 1 cpu thread will be 100% consumed by winlogbeat.
OS is windows2016
Looking at the metrics, it is processing between 7 and 100 events per 30 seconds, and delivering that succesfully to logstash.
I can limit the scope to 2 types of applications (proprietary), so I know it is not a generic issue.
winlogbeat.yml:
winlogbeat.registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
winlogbeat.event_logs:
- name: "Application"
- name: "Security"
event_id: -4663
- name: "System"
- name: "Microsoft-Windows-PrintService/Admin"
name: xxx.xxx.xxxx.xxxx
fields_under_root: false
#----------------------------- Logstash output --------------------------------
output.logstash:
hosts:
- logstash.xxx.xxx.xxx:xxxx
loadbalance: false
ssl:
enabled: true
Any debugging help would be appreciated