All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Microsoft Windows: Why is the winnetmon sourcetype is killing our license with 15-20 GB per day??

manderson7
Contributor
‎06-25-2015 03:07 PM

Our 4 production web servers are running windows server 2008 r2, and connect to the primary database in the backend. I installed the Windows TA on them on 6/1, and starting on 6/20 ago, winnetmon has gone crazy, and is sending us at least 15-20G per day. Nothing has changed on the boxes that I know of. What does winnetmon correlate to in Windows that I can check to see what might be causing this?

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎07-11-2015 07:09 PM

Hi, WinNetMon is the Microsoft world's equivalent of NetFlow or even tcpdump... it makes a lot of data.

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...