Winlogbeat collects Active Directory Security event log slowly


Dear All,

I have 3 Active Directory machines which have winlogbeat installed. I find there are some issues with collecting the security event log.

The chart below shows the security events received from the 3 machines.

  • In the chart, we can see that the security event logs of two of the machines were being received but then suddenly stopped, while application and system events can still be received.

  • The other machine's security event log can be received, but it is slow: when I tried to search for 13:00 events, it was still receiving 11:00 security events.

  • May I know if there is any limitation on winlogbeat?
  • Does it need to wait for one machine's events to finish being received before it starts receiving another machine's events?
  • May I know why the log is delayed?



Can anyone answer?

(Andrew Cholakian) #3

Have you looked at the winlogbeat logs? Do you see any errors there?
