[winlogbeat] Throughput degradation #39530

Closed
intxgo opened this issue May 13, 2024 · 1 comment · Fixed by #39544
Labels: bug, Team:Security-Windows Platform, Winlogbeat

intxgo commented May 13, 2024

Refactoring introduced in this PR #35437 is causing throughput degradation as every log message is always rendered twice. This problem became particularly apparent in Windows Event Forwarding (WEF) configurations where Winlogbeat was installed on Windows Event Collector (WEC) servers. Maximum throughput was reduced by 30% or more, depending on the hardware configuration.

It is better to use a pre-allocated buffer of reasonable size with the first call to EvtFormatMessage and occasionally retry with a larger buffer for an exceptionally long event message.

For confirmed bugs, please report:

  • Version: v8.8.0
  • Operating System: Windows
  • Discuss Forum URL:
  • Steps to Reproduce:
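
The buffer strategy suggested in the issue above, as an added example (not code from the issue, the fixing PR, or the Beats repository). `formatFunc`, `renderer` and `fakeEvent` are hypothetical names, and `formatFunc` simulates the `EvtFormatMessage` insufficient-buffer behaviour so the sketch runs off Windows.

```go
package main

import (
	"errors"
	"fmt"
	"unicode/utf16"
)

// errInsufficientBuffer stands in for Windows ERROR_INSUFFICIENT_BUFFER.
var errInsufficientBuffer = errors.New("insufficient buffer")

// formatFunc is a hypothetical stand-in for one EvtFormatMessage call: it returns
// the UTF-16 units written, or the size required when buf is too small.
type formatFunc func(buf []uint16) (int, error)

// renderer keeps one buffer across events and counts format calls.
type renderer struct {
	buf   []uint16
	calls int
}

// render tries the pre-allocated buffer first and retries once only on a miss.
func (r *renderer) render(format formatFunc) (string, error) {
	r.calls++
	n, err := format(r.buf)
	if errors.Is(err, errInsufficientBuffer) {
		r.buf = make([]uint16, n) // keep the larger buffer for later events
		r.calls++
		n, err = format(r.buf)
	}
	if err != nil {
		return "", err
	}
	return string(utf16.Decode(r.buf[:n])), nil
}

// fakeEvent is a constructed formatter that behaves like the stand-in above.
func fakeEvent(msg string) formatFunc {
	enc := utf16.Encode([]rune(msg))
	return func(buf []uint16) (int, error) {
		if len(buf) < len(enc) {
			return len(enc), errInsufficientBuffer
		}
		return copy(buf, enc), nil
	}
}

func main() {
	r := &renderer{buf: make([]uint16, 8)} // constructed, deliberately small size
	s, err := r.render(fakeEvent("an exceptionally long event message"))
	fmt.Println(s, r.calls, err)
}
```

A message that fits costs one format call; only an oversized message costs two, and the grown buffer is reused afterwards.
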
@intxgo self-assigned this May 13, 2024
@botelastic bot added the needs_team label May 13, 2024
@marc-gr added the bug and Team:Security-Windows Platform labels May 13, 2024

@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)
