Injesting sysmon logs via Elastic API and events are getting dropped
Options
Joel Yue
Posts: 4 ✭
Hi, I am trying to ingest sysmon logs via the Elastic api. But i do not see any live data but instead i get all dropped counts. Can anyone help?
0
Answers
-
Hey @Joel Yue I just want to be sure I am understanding your use case. Are you using the Elasticsearch API (Source) to pull sysmon logs from Elasticsearch and you aren't observing any data?
If the aforementioned is correct, can you provide a sanitized version of the input/source config here and any error logs?
0
