predictiple

Taking one step back from the problem statement we have to ask: **why** one would want to do event forwarding? To my mind there are 2 reasons: 1) For archival...

An option that might be unpopular and/or unpleasant to think about is to offload the hassle of supporting various data backends to Fluent Bit (or similar log shipper). It's a...

Elastic is at the popular end of the scale, and the bulky end of the scale. Google Pub/Sub probably not so much in either aspect. But the argument I'm making...

Keep Veloci "lean & mean" is what I'm saying. To quote Elon's 2nd Law: _If you're not occasionally adding things back-in you're not deleting enough, the bias tends to be...

It would also be great if `serve_url` could be respected if set. Currently the `serve_url` can be specified in an artifact definition, but gets replaced by the filestore_path when 'materialize'...

I think it could be useful to be able to set `last_seen_at`. For example, let's say that you have an analysis query that use `last_seen_at` as one of it's criteria....

It doesn't seem like we update last seen on import. If I create_client and then ImportCollection to that client_id the last seen remains unset. Setting it in that situation seems...

Interestingly import_collection() does try to set `last_seen_at` [but it uses clients.NewClientFunction](https://github.com/Velocidex/velociraptor/blob/ae71d7726ed7924d09f44c3fa99ae015acfd9b03/vql/tools/collector/import.go#L461), the same as client_create(), which ignores the `last_seen_at` value.

Try adding `-v` to your client (admin privilege) command line. Keep an eye out for any warnings or errors, especially when you try the next step... Then on the server...

ok, and yes I have seen such dlls. It's unlikely that any developers are going to craft more than 10k individual messages so probably the 10k constraint is reasonable. I...