topic Re: Reducing Splunk authentication storms in Security https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444012#M10420 <P>Does this match your situation?</P> <P><A href="https://static.rainfocus.com/splunk/splunkconf18/sess/1523340475734001cAJl/finalPDF/A-Deep-Dive-Into-1379_1538782399746001rPuN.pdf">https://static.rainfocus.com/splunk/splunkconf18/sess/1523340475734001cAJl/finalPDF/A-Deep-Dive-Into-1379_1538782399746001rPuN.pdf</A></P> Sun, 31 May 2020 22:15:54 GMT nagrajkulkarni 2020-05-31T22:15:54Z Reducing Splunk authentication storms https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444009#M10417 <P>Splunk authentication is destroying my Active Directory because of frequency of authentications, our user search dn contains 100000 users, our DC's are logging around 2.5 million authentication queries a day from the Splunk service account, I have some suspicions that it is around the cache configuration, can anyone offer some advice on how to reduce this auth storm (only a 10-20 people use the app per day).</P> Sun, 07 Jun 2020 16:45:43 GMT https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444009#M10417 kcb 2020-06-07T16:45:43Z Re: Reducing Splunk authentication storms https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444010#M10418 <P>How broad is your groupBaseFilter set to? userBaseDN? what is your sizelimit set to?</P> Mon, 12 Aug 2019 17:17:39 GMT https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444010#M10418 rchurch0505 2019-08-12T17:17:39Z Re: Reducing Splunk authentication storms https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444011#M10419 <P>Make sure you do NOT have LDAP enabled on your indexers.</P> Mon, 12 Aug 2019 18:16:49 GMT https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444011#M10419 richgalloway 2019-08-12T18:16:49Z Re: Reducing Splunk authentication storms https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444012#M10420 <P>Does this match your situation?</P> <P><A href="https://static.rainfocus.com/splunk/splunkconf18/sess/1523340475734001cAJl/finalPDF/A-Deep-Dive-Into-1379_1538782399746001rPuN.pdf">https://static.rainfocus.com/splunk/splunkconf18/sess/1523340475734001cAJl/finalPDF/A-Deep-Dive-Into-1379_1538782399746001rPuN.pdf</A></P> Sun, 31 May 2020 22:15:54 GMT https://community.splunk.com/t5/Security/Reducing-Splunk-authentication-storms/m-p/444012#M10420 nagrajkulkarni 2020-05-31T22:15:54Z