Managing Large Windows Event Collection Implementations: Load Balancing Across Multiple Collectors


In this real-training for free ™ event we will do a deep dive on how to scale Windows Event Collection. We all know how big event logs are – especially the Security Log. And when you try to forward events from thousands or even tens of thousands of systems you need to know what you are doing. Thankfully, Windows Event Forwarding is very customizable and is architected for scale.

You can greatly increase the capacity of WEC by increasing batch size of forwarded events for instance.

In this webinar we will look at the following areas that you may need to tweak in order to optimize Windows Event Collection in your environment


  • WinRM settings
    • Buffers
    • Timeouts
    • Envelope size
    • Concurrency
  • TCP/IP settings
  • WEC service settings


  • Latency and bandwidth settings
  • MaxDeliveryItems, etc
  • To Pre-Pender or Not


  • Pre-Rendering revisited
  • Local resources
  • Impact of XPath filter

We'll also look at key performance counters such as Events per Second to watch on your Collectors and address capacity planning.

At some point you may need to spread the load across multiple collectors. Or perhaps you may need a high level of fault-tolerance which also calls for multiple collectors. So we will show you what your options are for spreading or duplicating a load across multiple collectors. Some of the specifics:

  • How to force group membership changes to take effect immediately without rebooting forwarder systems
  • How to accelerate forwarders seeing new subscriptions when you are in testing mode

This webinar is sponsored by, LOGbinder's new Supercharger for Windows Event Collection solution which provides automated load balancing of tens of thousands of sources across multiple event collectors among other many other features.

Please join us for this very in-depth and technical real training for free ™ event.



Additional Resources