So I have some Windows Event Collector servers which collect events from workstations, and decided to send all collected events to Elasticsearch with Winlogbeat (version 8.4.1), but regardless of any of the settings that I found related to performance (batch_read_size, bulk_max_size, workers, etc.), I am always stuck at about 50 events per second; it almost never changes whatever I do with the Winlogbeat settings... It looks like Winlogbeat is very slow at reading events from the eventlog. Any advice?