I'm running Elastic Stack v8.2.0 on Windows. I've noticed that sometimes/randomly winlogbeat stops publishing events when the Windows event log fills up and auto-archives itself. The winlogbeat service is still running, but it is no longer publishing events. If I restart the winlogbeat service, it starts publishing events again. It doesn't do this every time the event log is auto-archived by Windows, but whenever winlogbeat does stop publishing events, the time correlates exactly to the time that the event log was archived. Any ideas on why this is happening?
Please test the latest release. I think there was a related fix. It should be listed in the changelog.