I am working on the configuration to retrieve the domain controllers' logs: it seems that winlogbeat is slower than the rate at which the logs are generated.
So all the Security logs going to my Elasticsearch have a one-hour delay (due to the parameter `ignore_older: 1h`) and some logs are lost. The logs from the other journals (System, Application, ...) arrive on time.
I use version 6.2.4 but I also have the problem with the latest version (6.5.4).
After my filter, I've added some processing to filter these logs and remove the noise, but it seems to have no link with this delay. What could be the cause of my problem?
Here is my configuration:
Do you guys have the same issue? How can I solve it?