Winlogbeat too slow?

I am working on the configuration to collect the domain controllers' logs: it seems that winlogbeat is slower than the rate at which the logs are generated.

So all the Security logs reaching my Elastic cluster arrive with a one-hour delay (due to the parameter "ignore_older: 1h") and some logs are lost. The logs from the other event logs (System, Application, ...) arrive on time.
I use version 6.2.4, but I also have the problem with the latest version (6.5.4).

After my filter, I have added some processing to filter these logs further and remove the noise, but it does not seem to be related to this delay. What could be the cause of my problem?

Here is my configuration :

winlogbeat.event_logs:
  - name: Security
    batch_read_size: 512
    ignore_older: 1h
    event_id: 1100-1102,4608-4662,4667,4672-4675,4688-4693,4697-4713,4719-4742,4754-4758,4764-4769,4771-4780

output.kafka:
  enabled: true
  topic: windows_ad
  compression: snappy
  retry.backoff: 5s
  bulk_max_size: 2048

Do you guys have the same issue? How can I solve it?

Regards,
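A first check for the symptom described above is to measure how fast the Security log is actually being written on the domain controller and how much of it the posted event_id filter would keep. The script below is an added example, not code from the original post or from winlogbeat; it assumes it is run locally on the DC with rights to read the Security log, and the SampleSize value is arbitrary.

```powershell
# Added example: measure the Security log's write rate and the share of
# events matching the event_id filter from the post. Assumes local access
# to the Security log; SampleSize is an arbitrary sample of recent events.
param(
    [int]$SampleSize = 20000
)

$events = Get-WinEvent -LogName Security -MaxEvents $SampleSize -ErrorAction Stop
if ($events.Count -lt 2) { throw "Not enough events in the Security log to measure a rate." }

# Get-WinEvent returns newest first, so the sample spans [oldest, newest]
$newest  = $events[0].TimeCreated
$oldest  = $events[-1].TimeCreated
$seconds = ($newest - $oldest).TotalSeconds
if ($seconds -le 0) { throw "Sample spans zero seconds; increase -SampleSize." }

# Expand the event_id ranges from the winlogbeat config into a set of IDs
$ranges = '1100-1102,4608-4662,4667,4672-4675,4688-4693,4697-4713,4719-4742,4754-4758,4764-4769,4771-4780'
$wanted = [System.Collections.Generic.HashSet[int]]::new()
foreach ($part in $ranges.Split(',')) {
    $bounds = $part.Split('-')
    $lo = [int]$bounds[0]
    $hi = if ($bounds.Count -gt 1) { [int]$bounds[1] } else { $lo }
    foreach ($id in $lo..$hi) { [void]$wanted.Add($id) }
}
$matching = ($events | Where-Object { $wanted.Contains($_.Id) }).Count

# Event IDs that dominate the sample: candidates for noise the beat must still read
$top = $events | Group-Object Id | Sort-Object Count -Descending |
       Select-Object -First 5 @{n='EventId';e={$_.Name}}, Count

[pscustomobject]@{
    SampleEvents      = $events.Count
    SampleSeconds     = [math]::Round($seconds, 1)
    EventsPerSecond   = [math]::Round($events.Count / $seconds, 1)
    MatchingFilterPct = [math]::Round(100 * $matching / $events.Count, 1)
    OldestEvent       = $oldest
    NewestEvent       = $newest
}
$top | Format-Table -AutoSize
```

Compare EventsPerSecond with the event counts winlogbeat reports in its own periodic metrics log lines: if the log is written faster than the beat acknowledges events, the reader falls behind until events cross the ignore_older boundary and are dropped.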
