Sam Novak

I had/am having similar issues; about 2.5k stations and occasionally the collector just stops; the process is still running, but it's not doing anything. I've attempted to work around it...

@rewt1 I believe I set my max items per second to 10 and I don't recall seeing customer side issues. I haven't modified any of the delivery options, though I...

@jokezone In my instance I don't think it's memory related (even though I've seen the process go as high as 6GB), but if I go higher in CPU I'm gonna...

@SpencerLN You spent money for this? Nice. It's just odd that I only seem to have the issue on my large collector; I mean, if that's the 'truth' from MS,...

I'm going to try combining the authentication subscriptions into a single, combined one. Here's the xpath I'm going to use: ``` *[System[(EventID >=4624 and EventID <=4626)]] *[System[(EventID=4634 or EventID=4647 or...

@SpencerLN Well it appears to have survived the night, and our scheduled 7AM wakeup, so I'd call that progress. Unfortunately, the only really 'combinable' subscriptions are for authentication (5; account...

@SpencerLN Just reporting back; simply combining the authentication subscriptions, while looking positive at first, did not resolve my problems. It seems like heavy intake periods are still killing it, even...

Just letting everyone know, I undid my combined subscription, because I believe it was preventing events from being collected; I was seeing a lot of kerberos, and not much else,...

I'm going on vacation in a week, so since I'm still dealing with this problem, I wrote a powershell script and set it to run every 5 minutes with task...

Hey folks, So I upgraded to server 2022, and now the wec service will gobble up memory after running for an extended period. I've updated my monitor script to account...