Forum Discussion
Some Windows events are not being analyzed
- Mar 15, 2021
mesaqee For now, the alert trigger is a certain percentage of event loss.
The number is not really that important, also because it can change without notice; we see it as an implementation detail. We are also experimenting with ML code that (if it eventually works well) will alert for each customer in a different way.
The main takeaway from this alert is that you are losing detection data, and that needs to be fixed.
The main thing to check is that your spec is in line with what was estimated in the sizing tool; if it's not, fix it first... then make sure you are optimized correctly as described in the docs (power plan, Hyper-Threading, VM resource reservation, etc.). Once you have covered all those "basics", go with a support ticket. For some cases, additional resources might be needed on top of the sizing tool estimation due to traffic/data mix. The support engineer also has additional telemetry that can be checked from the backend that might give more clues...