Winlogbeat can't send events to Elasticsearch

smerzlyakov · February 12, 2020, 10:10am

Hello. We have near 2300 EPS comming on each WEC Windows collector and near 350 EPS that winlogbeat ship to Logstash or Elasticsearch (i test both).
I try a lot of things on winlogbeat side, but nothing happen. Then i i change output from Elastic to local file.
And EPS increase from 350 to 4000 eps (and than to 2300). I also sure that problem is not in network connection.

So, now i am sure that problem is in Elasticsearch.
But when i check its log - i do not find nothing about dropping events. (journalctl -fu logstash or elasticsearch).

So, my question - how can i determine, that elasticsearch do not recieve events and my events drops?

smerzlyakov · February 17, 2020, 8:59am

Do anybody have any comments? Simple question- how to determine and monitor, that Elastic can't recive all events that winlogbeat sends?

system · March 16, 2020, 10:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat missing events Beats winlogbeat	3	839	July 21, 2020
Winlogbeat performance Beats winlogbeat	1	411	February 17, 2023
Troubleshoot logstash. Find dropped events by logs Logstash	1	964	October 30, 2019
Winlogbeat not writing all events to Elasticsearch Elasticsearch	3	342	August 31, 2020
Winlogbeat loses some events from Microsoft-IIS-Logging/Logs Beats windows , winlogbeat	2	1945	May 15, 2020

Winlogbeat can't send events to Elasticsearch

Related topics