Hi Team -
Winlogbeat is sending events to Logstash at 5044. I have the questions below:
In Winlogbeat, if I set ignore_older: 10s
Does this mean that Winlogbeat will check if there are any new events before 10 seconds, or in the last 10 seconds? And in this case, can I miss any events in any of these situations? I don't want to miss any events. I want all the events to go to Logstash. If I set it to 1 hour, will it check for new events in the last one hour, or will it check for new events before one hour that are not parsed yet? Please help me understand the use of ignore_older.
If I don't mention "ignore_older", what difference will it make to my setup? What is the default check?
What is the default beat time of Winlogbeat or Logstash? After how many seconds or milliseconds does it check for new events or logs?