Hello. We have nearly 2300 EPS coming in on each WEC Windows collector and nearly 350 EPS that winlogbeat ships to Logstash or Elasticsearch (I tested both).
I tried a lot of things on the winlogbeat side, but nothing happened. Then I changed the output from Elastic to a local file.
And EPS increased from 350 to 4000 EPS (and then to 2300). I am also sure that the problem is not in the network connection.
So, now I am sure that the problem is in Elasticsearch.
But when I check its log, I do not find anything about dropping events (journalctl -fu logstash or elasticsearch).
So, my question: how can I determine that Elasticsearch does not receive events and my events are dropped?