botelastic[bot]
commented
6 months ago This issue doesn't have a Team:<team> label.
Open FANJIA-a opened 6 months ago
botelastic[bot]
commented
6 months ago This issue doesn't have a Team:<team> label.
David-M-Berry
commented
5 months ago Hi @FANJIA-a , what version of Winlogbeat are you running? Event log readers were updated in version 8.9.2, which should resolve this issue.
FANJIA-a
commented
5 months ago こんにちは@FANJIA-a実行している Winlogbeat のバージョンは何ですか? イベント ログ リーダーはバージョン 8.9.2 で更新されており、この問題は解決されているはずです。
The version of winlogbeat was 7.8.1, and elastic was 7.17.5. Currently, I'm trying to fix the problem with the policy on the Windows Server side.
We are using elastic version 7.17.5. One day out of the blue, this error occurred. When this error occurs, the number of logs sent is reduced.
2024-05-12T14:04:40.763+0900 WARN [winlogbeat] beater/eventlogger.go:167 Read() error. {"error": "The query result is stale or invalid and must be recreated. This may be due to the log being cleared or rolling over after the query result was created."}2024-05-12T14:04:40.763+0900 WARN eventlog/wineventlog.go:377 WinEventLog[Security] EventHandles returned error The query result is stale or invalid and must be recreated. This may be due to the log being cleared or rolling over after the query result was created.How should this error be addressed?
Referenced sites https://github.com/elastic/beats/issues/36020
Team: