High CPU by Windows log event collecting

  • EHRETic
    Member
    • Jan 2021
    • 45

    #1

    High CPU by Windows log event collecting

    Hi there,

    Don't know if it is an expected problem or a performance problem but here is the thing...
    As I'm building up Zabbix config more and more, I've started to audit my Domain Controllers in a deeper way.
    For that I'm implementing the templates from Alexei (https://share.zabbix.com/owner/g_109492255263695218277)

    But with both "Attack Detection" and "Security Audit", I have CPU peaks every 5 minutes (related to the schedule). Here I have disabled both templates on that host at 10:15, confirming it is related to event collection.

    [Screenshot attached: 2021-05-01 10_23_0.png]

    What is consistent with both templates is that they are only collecting events from the Security log.

    Are you experiencing the same for other types of logs? Or maybe you have a solution?

    For now, it is in my lab and I'd like to keep my CPU as low as possible, but I can't imagine putting that in production where I have thousands of logs every second!
  • gofree
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2017
    • 400

    #2
    I've experienced such a thing in the past with eventlog on Security logs - if the logging setup on the server is high, it was killing the machine. Simply too many and too general requests on a whole lot of data caused this behavior.

    There are a couple of things you might try without big pain:

    - shorten the interval to 1m or less (it's 5m in those templates) - less data to process or go through - no guarantees it will help and will not cause trouble in the future
    - think about what items are really needed - it's not always necessary to see everything
    - make sure you have installed the latest agent version - preferably Zabbix agent 2 - just to feel good that you're using the latest thing
    - try to play with the settings in the eventlog item, especially with the mode parameter - use skip processing of older data (affects only newly created items !!!), no need to reread the whole log as it grows https://www.zabbix.com/documentation...agent/win_keys

    Don't try to turn Zabbix into a log management system, it's not yet there - aiming for version 6.4 https://www.zabbix.com/roadmap




    • EHRETic
      Member
      • Jan 2021
      • 45

      #3
      Originally posted by gofree
      I've experienced such a thing in the past with eventlog on Security logs - if the logging setup on the server is high, it was killing the machine. Simply too many and too general requests on a whole lot of data caused this behavior.

      There are a couple of things you might try without big pain:

      - shorten the interval to 1m or less (it's 5m in those templates) - less data to process or go through - no guarantees it will help and will not cause trouble in the future
      - think about what items are really needed - it's not always necessary to see everything
      - make sure you have installed the latest agent version - preferably Zabbix agent 2 - just to feel good that you're using the latest thing
      - try to play with the settings in the eventlog item, especially with the mode parameter - use skip processing of older data (affects only newly created items !!!), no need to reread the whole log as it grows https://www.zabbix.com/documentation...agent/win_keys
      I'll try all of that, but from the event list there are not so many I can get "rid of", and I don't think it is an issue with the amount of events, but the amount of events to read in the log.
      But the configuration of the agent seems promising by not processing past events, as I've seen in the AD health template that it was reading events from 2019 in other logs!!!

      Thanks for those tips!
      Last edited by EHRETic; 01-05-2021, 12:20.

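As an added example (not code from the thread, nor from the templates it references), here is a PowerShell check that separates the two explanations discussed in posts #2 and #3: how large a backlog an eventlog item in the default mode has to walk through when it is created, versus how many Security events actually arrive in one polling interval. It is meant to be run elevated on the monitored Domain Controller; the log name and the 5-minute window are assumptions that mirror the templates' schedule.

```powershell
# Added example, not code from the thread or from the templates it discusses.
# Run elevated on the monitored host. Assumptions: the Security log is the one
# being polled and the item interval is 5 minutes (the templates' schedule).
param(
    [string]$LogName = 'Security',
    [int]$IntervalMinutes = 5
)

# Whole-log figures: this is the backlog an eventlog item in the default mode
# ("all") walks through when it is first created.
$log    = Get-WinEvent -ListLog $LogName
$oldest = Get-WinEvent -LogName $LogName -MaxEvents 1 -Oldest

# Recent figures: this is roughly what an item created with mode "skip"
# has to process per poll.
$since  = (Get-Date).AddMinutes(-$IntervalMinutes)
$filter = @{ LogName = $LogName; StartTime = $since }
# @( ... ) yields an empty array (Count 0) when no events match.
$recent = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Log             = $log.LogName
    RecordCount     = $log.RecordCount
    FileSizeMB      = [math]::Round($log.FileSize / 1MB, 1)
    MaxSizeMB       = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    OldestRecord    = $oldest.TimeCreated
    RecentEvents    = $recent.Count
    RecentPerSecond = [math]::Round($recent.Count / ($IntervalMinutes * 60), 2)
} | Format-List

# Per-ID breakdown of the recent window: the IDs that dominate are the ones
# worth restricting the item keys to, instead of matching the whole log.
$recent | Group-Object Id | Sort-Object Count -Descending |
    Select-Object -First 10 @{ Name = 'EventId'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize
```

If RecordCount is in the millions and OldestRecord is years back while RecentEvents is modest, the CPU cost is the initial crawl rather than the live event rate, which is the case the `mode` tip in post #2 addresses. The agent key that tip refers to has the form `eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]` (Zabbix agent active checks), so creating the item with `skip` as the last parameter and with the event IDs narrowed to the ones the per-ID table shows are worth alerting on keeps the agent from re-reading the old records; as the thread notes, that only takes effect on newly created items.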

      • EHRETic
        Member
        • Jan 2021
        • 45

        #4
        Originally posted by gofree
        - try to play with the settings in the eventlog item, especially with the mode parameter - use skip processing of older data (affects only newly created items !!!), no need to reread the whole log as it grows https://www.zabbix.com/documentation...agent/win_keys

        Don't try to turn Zabbix into a log management system, it's not yet there - aiming for version 6.4 https://www.zabbix.com/roadmap
        Well, I've tried but didn't succeed; I guess I have to wait a little or put some effort into my SIEM's alerting capabilities!

        Thanks again for the help!
