-
New Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
6.4.2rc1, 7.0 (plan)
-
None
extend current parameters for eventlog key for windows like it was done for log logrt
maxdelay - the maximum delay in seconds. Type: float. Values: 0 - (default) never ignore log file lines; > 0.0 - ignore older lines in order to get the most recent lines analyzed within "maxdelay" seconds. Read the maxdelay notes before using it!
This would be very useful to not read all logs if they not needed. If wee need only some fresh for last hour.
One of use case:
Agent was stopped or not running by some reason for few hours/days then we nit started it start reading huge set of event logs which might be not actual for a moment for monitoring.
Probably maxdelay could be set globally for all eventlog/ log items and on priority on key level for particular logs.