Andrew Kroh

Results 42 comments of Andrew Kroh

> The problem I see with the posted benchmark is that it is focusing purely on the written benchmark.
> There are way more allocations happening in the scope of auditbeat...

Hi Mark, I don't quite understand how UnorderedReassembler is different from the current Reassembler. You could provide some more details or an example. I may have forgotten some of the...

I don't think there is any special handling for netfilter_cfg messages. IIRC it merges the fields into `data` so it's probably not overwriting the fields that already exist when the...

It would be nice to benchmark the parser by itself to see what kind of throughput it has. Based on those results we could consider whether it would be worth...

It looks like there is an API since macOS 10.15: https://developer.apple.com/documentation/oslog. It would require cgo and Objective-C to use the API.

The gcp pubsub library is supposed to retry on its own. 😞 So this must be considered a non-retryable error. We considered adding our own retry in the past (https://github.com/elastic/beats/issues/29352),...

Relates: https://github.com/elastic/integrations/issues/3757

The `system.process` dataset utilizes polling of `/proc` on Linux to collect data. I would expect other collection methods that are hooked into the kernel like monitoring `execve` syscalls via the...

The binary on the releases page was [compiled](https://travis-ci.org/andrewkroh/go-ebpf/builds/296920812#L1561) against kernel 4.13.10. So perhaps there is a portability issue I'm unaware of. I have tested the latest binary release on -...