Apologies if this has been asked before, but I have hunted around and can't find anything specific. I'm sending domain controller logs to Logstash with Winlogbeat. Windows Performance Monitor shows the Winlogbeat process using 30MB memory during normal operations. If I take Logstash offline the memory use gradually climbs to 53MB, and then seems to continue growing but only very slightly. I've left it for a day now. What should I expect to see if Logstash stays offline? Should resources remain flat or gradually increase?
I haven't changed anything from default other than winlogbeat.yml as follows:
winlogbeat.event_logs:
  - name: Application
    ignore_older: 1h
  - name: System
    ignore_older: 1h
  - name: Security
    ignore_older: 1h
output.logstash:
  hosts: ["192.168.100.100:5044"]
I don't especially care if I lose logs while Logstash is offline. I'm far more concerned about not causing any resource issues on our domain controllers.
Any advice appreciated
Sera