I use Graylog server version 2.5.1 and on windows server 2012 R2 I use Graylog collector sidecar for collect only log of windows (system, security and application).
I do a monitoring on CPU on the windows server. I have see a high usage when the collector sidecar service is start. I’ve test with de graylog collector sidecar version 0.1.7 and 0.1.8
I’ve released a screen shot for illustrate the issue.
Are you kidding me?
avg 1,5% not high…
The winlogbeat needs to check the file content again and again. It need some resources. As far as I remember you can set the refresh rate in the config. Set if for a few days Something for something