defensivedepth 03/22/2022, 1:09 AM
The following message is from osqueryi:
Buffered logs limit exceeded. Purging excess. purge_count = 400
Based on my initial investigation, I believe they indicate the same issue - the evented table has filled its buffer and logs are being expired. Is this accurate?
4924 events.cpp:312] Expiring events for subscriber: windows_events (overflowed limit 50000)