https://community.splunk.com/t5/Getting-Data-In/What-s-a-best-practice-for-ignoring-Windows-2008-security-events/m-p/54135#M10465 <P>Not surprisingly, this one had been answered before, and I just didn't find it before asking. The answer is here: <A href="http://splunk-base.splunk.com/answers/2425/what-windows-event-codes-are-generally-acceptable-to-filter-out">What Windows Event Codes are generally acceptable to filter out</A></P> Fri, 05 Aug 2011 16:30:00 GMT gpullis 2011-08-05T16:30:00Z https://community.splunk.com/t5/Getting-Data-In/What-s-a-best-practice-for-ignoring-Windows-2008-security-events/m-p/54134#M10464 <P>Like most of us with Windows servers, I'm fighting with keeping my license usage down in the face of Windows Server 2008 Security event logs.</P> <P>I'm pretty sure the correct answer is, "every environment is different", but I'm wondering if any of you wanted to share your advice on what events you feel are sufficiently silly that they can be shoved into the nullQueue? </P> Fri, 05 Aug 2011 15:19:17 GMT https://community.splunk.com/t5/Getting-Data-In/What-s-a-best-practice-for-ignoring-Windows-2008-security-events/m-p/54134#M10464 gpullis 2011-08-05T15:19:17Z https://community.splunk.com/t5/Getting-Data-In/What-s-a-best-practice-for-ignoring-Windows-2008-security-events/m-p/54135#M10465 <P>Not surprisingly, this one had been answered before, and I just didn't find it before asking. The answer is here: <A href="http://splunk-base.splunk.com/answers/2425/what-windows-event-codes-are-generally-acceptable-to-filter-out">What Windows Event Codes are generally acceptable to filter out</A></P> Fri, 05 Aug 2011 16:30:00 GMT https://community.splunk.com/t5/Getting-Data-In/What-s-a-best-practice-for-ignoring-Windows-2008-security-events/m-p/54135#M10465 gpullis 2011-08-05T16:30:00Z