Nick Maludy
What is interesting in this is that I see the timestamp of the `storage.json` file being updated and the `storage.json.tmp` files coming and going.
@flurreN I don't think I'm running anything else in the background. Here are the current Ruby / FluentD processes running:  Do any of those look like duplicates or different...
@flurreN tried that config and am still seeing the error: ``` [windows_eventlog] failed to save data for plugin storage to file path="c:/opt/td-agent/storage.json" tmp="c:/opt/td-agent/storage.json.tmp" error_class=Errno::EACCES error="Permission denied @ rb_file_s_rename - (c:/opt/td-agent/storage.json.tmp,...
@flurreN I tried your suggestion of `in_windows_eventlog2` but am seeing the worker fail to start with the following error in the td-agent.log: ``` 2020-06-08 08:31:59 -0400 [error]: #0 unexpected error...
Fixed that error by deleting the old `storage.json` file I had in the same place. Looks like the new plugin has a different storage format. The plugin is running now,...
@flurreN No change running it directly from the `td-agent` command prompt as `Administrator`. Also with this setup it still isn't able to read the `Security` channel. Also with the `windows_eventlog2`...
On the `windows_eventlog2` setup, I figured out the problem. The `Keywords` field was being sent as a `String` and our old logger was sending it as an `Integer`, therefore our...
@flurreN So, switching to `windows_eventlog2` and applying the filter above to fix my indexing problem has solved the issue related to receiving the `Security` stream. Now, even the Service instance...
For anyone else out there watching here is my working config: ``` @type record_transformer enable_ruby full_message ${record["Description"]} short_message ${record["Description"].lines.first} remove_keys Keywords,Description flush_interval 1s host graylog.domain.tld port 12201 protocol udp @type...
Just an update on this ticket, it looks like it was our Anti-Virus agent that was causing the issue. I worked with our security team to disable the AV agent...