From ac48e070a48a5a5a37289cda3c3f7267f18b43d8 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Thu, 22 Apr 2021 09:04:50 -0500 Subject: [PATCH] Update experimental flag on winlogbeat documentation (#25207) - remove experimental from batch_read_size - remove experimental from api (using wineventlog-experimental) is still experimental but setting the API isn't - syncs with documentation for agent winlog input (cherry picked from commit 639998cece67da2227c719241c453868a03c81ad) --- winlogbeat/docs/winlogbeat-options.asciidoc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/winlogbeat/docs/winlogbeat-options.asciidoc b/winlogbeat/docs/winlogbeat-options.asciidoc index 6c9e9eb2667..e23a14c9633 100644 --- a/winlogbeat/docs/winlogbeat-options.asciidoc +++ b/winlogbeat/docs/winlogbeat-options.asciidoc @@ -81,8 +81,6 @@ winlogbeat.event_logs: [float] ==== `event_logs.batch_read_size` -experimental[] - The maximum number of event log records to read from the Windows API in a single batch. The default batch size is 100. Most Windows versions return an error if the value is larger than 1024. *{vista_and_newer}* @@ -414,12 +412,10 @@ example of how to read from an `.evtx` file in the <>. [float] ==== `event_logs.api` -experimental[] - This selects the event log reader implementation that is used to read events from the Windows APIs. You should only set this option when testing experimental features. When the value is set to `wineventlog-experimental` Winlogbeat will -replace the default event log reader with the experimental implementation. +replace the default event log reader with the **experimental** implementation. We are evaluating this implementation to see if it can provide increased performance and reduce CPU usage. *{vista_and_newer}*