Getting Data In

What's a best practice for ignoring Windows 2008 security events

gpullis
Communicator

Like most of us with Windows servers, I'm fighting with keeping my license usage down in the face of Windows Server 2008 Security event logs.

I'm pretty sure the correct answer is, "every environment is different", but I'm wondering if any of you wanted to share your advice on what events you feel are sufficiently silly that they can be shoved into the nullQueue?

0 Karma
1 Solution

gpullis
Communicator

Not surprisingly, this one had been answered before, and I just didn't find it before asking. The answer is here: What Windows Event Codes are generally acceptable to filter out

View solution in original post

0 Karma

gpullis
Communicator

Not surprisingly, this one had been answered before, and I just didn't find it before asking. The answer is here: What Windows Event Codes are generally acceptable to filter out

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...