elastic
[Winlogbeat] WindowsServer2019 winlogbeat error
We are using elastic version 7.17.5.
One day out of the blue, this error occurred. When this error occurs, the number of logs sent is reduced.
2024-05-12T14:04:40.763+0900 WARN [winlogbeat] beater/eventlogger.go:167 Read() error. {"error": "The query result is stale or invalid and must be recreated. This may be due to the log being cleared or rolling over after the query result was created."}
2024-05-12T14:04:40.763+0900 WARN eventlog/wineventlog.go:377 WinEventLog[Security] EventHandles returned error The query result is stale or invalid and must be recreated. This may be due to the log being cleared or rolling over after the query result was created.
How should this error be addressed?
Referenced sites https://github.com/elastic/beats/issues/36020
Team:<Winlogbeat>
![botelastic[bot] avatar](https://avatars.githubusercontent.com/u/6764390?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @FANJIA-a , what version of Winlogbeat are you running? Event log readers were updated in version 8.9.2, which should resolve this issue.
こんにちは@FANJIA-a実行している Winlogbeat のバージョンは何ですか? イベント ログ リーダーはバージョン 8.9.2 で更新されており、この問題は解決されているはずです。
The version of winlogbeat was 7.8.1, and elastic was 7.17.5. Currently, I'm trying to fix the problem with the policy on the Windows Server side.
Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!