I have 3 Active Directory machines which have Winlogbeat installed. I find there are some issues with collecting the security event log.
The chart below shows the security events received from the 3 machines.
In the chart, we can see that the security event logs of two of the machines were being received but then suddenly stopped, while application and system events can still be received.
The other machine's security event log can be received, but it is slow: when I tried to search for 13:00 events, it was still receiving 11:00 security events.
- May I know if there is any limitation on Winlogbeat?
- Does it need to wait for one machine's events to finish being received before it starts receiving another machine's events?
- May I know why the log is delayed?