Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Configure interval for forwarding Windows Event Logs to Forwarder

klkumar10
Explorer
‎07-14-2010 11:02 AM

I installed Splunk on a Windows DC and configured it as Light Forwarder to send the events to a linux based Splunk Indexer / Search.

Now, I would like to forward the events from the Windows Server for every 15 minutes. Presently any event that is generated on the server are going in realtime.

How can i configure the above?

Tags (2)
0 Karma
Reply

Paolo_Prigione
Builder
‎07-14-2010 11:16 AM

You might do so by accessing the events through scripted WMI inputs instead of EventLog monitoring. That way you could set a time interval.

The whole point about splunk "monitor" is speed, so I don't think it is possible to tune it down and have it poll logs every 15 minutes.

If you want to limit network usage, you can tune the limits.conf file.

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...