Hi All,
When I create an event I need to set two time ranges:
“Search within the last”
and
“Execute search every”
No when I set both to the same value, lets say 5 Minutes for example is there a chance that log entries won’t make it into the event if they are exactly 300 seconds old?
Or do I need to set:
Search within the last 301 seconds
Execute search every 300 seconds
to make sure nothing will be missed?
Thanks,
Michael
he @Mike_FUT
the event processing is searching in the given timeframe and it will search after it has received messages that fits into the period.
It will depend on the load of the system, if you have enterprise (if use more than one node for the event saerch), but the event system is created to not “drop” or forget something so it will search in the configured time frames … and even when it was stopped for some reasons it will check the frames when started again.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
