Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
g
groob
04/05/2019, 1:11 PMit’s not because of an internet connection, but you might need to configure your --events_max flags
s
sepuku
04/05/2019, 1:34 PMRight, but we don’t have our machines configured to remove events at such a small amount of storage used, or at such a short timeframe.
we have our machines configured to --events_expiry=36000
Looks like 50k events is the default, I guess theres a potential that >50k events could be generated after a BSOD
I’ll try bumping that limit up and seeing what the outcome is