Refactoring introduced in this PR #35437 is causing throughput degradation as every log message is always rendered twice. This problem became particularly apparent in Windows Event Forwarding (WEF) configurations where Winlogbeat was installed on Windows Event Collector (WEC) servers. Maximum throughput was reduced by 30% or more, depending on the hardware configuration.
It is better to use a pre-allocated buffer with reasonable size with the first call to EvtFormatMessage and occasionally retry with larger buffer for an exceptionally long event message.
For confirmed bugs, please report:
- Version: v8.8.0
- Operating System: Windows
- Discuss Forum URL:
- Steps to Reproduce:
Refactoring introduced in this PR #35437 is causing throughput degradation as every log message is always rendered twice. This problem became particularly apparent in Windows Event Forwarding (WEF) configurations where Winlogbeat was installed on Windows Event Collector (WEC) servers. Maximum throughput was reduced by 30% or more, depending on the hardware configuration.
It is better to use a pre-allocated buffer with reasonable size with the first call to EvtFormatMessage and occasionally retry with larger buffer for an exceptionally long event message.
For confirmed bugs, please report: