Winlogbeat collect Active Directory Security event log slowly

Dear All,

I have 3 Active Directory machines which installed winlogbeat. I find there are some issues on collecting security event log.

According to the below chart, it show the received security event from 3 machine

  • In the chart, we can see two of the machine's security event log can be received but cannot receive suddenly but application and system event still can be received.

  • The other machine security event log can be received but it is slow, when I tried to search 13:00 event, it still receiving 11:00 security event


  • May I know is there any limitation on winlogbeat?
  • is it need to wait one machine event complete receiving to start receive other machine event.
  • May I know why the log has delay?


Anyone can answer?

Have you looked at the winlogbeat logs? Do you see any errors there?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.