Deployment Architecture

why my indexes are filling up quickly

MAMAOUI
Explorer

Hello
I have an index(es) that are beginning to rapidly fill up,how can i determine the reason and solve it?!
Thanks
M&A

0 Karma
1 Solution

FrankVl
Ultra Champion

Take a look at your data and see which source / host is spiking and then investigate why that source / host is spiking and decide whether there is something wrong with that source / host that needs to be fixed, or whether this event volume is to be expected (and then adjust Splunk to scale to that demand).

View solution in original post

0 Karma

FrankVl
Ultra Champion

Take a look at your data and see which source / host is spiking and then investigate why that source / host is spiking and decide whether there is something wrong with that source / host that needs to be fixed, or whether this event volume is to be expected (and then adjust Splunk to scale to that demand).

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...