How to speed Up Windows Event Log Processing?

spiced · ‎11-27-2019

I indexed about one GB of Windows Event Logs using the add data feature by monitoring the folder where the event log files are stored in. The indexing takes about 12 hours to complete. I expected the process to be a lot faster. The CPU, Memory and Disk usage was constantly low during the processing. Is there a way to speed the processing up?

woodcock · ‎11-27-2019

You probably have the default maxKBps which I think is 1024. Set this to 0 in limits.conf on your forwarders.

How to speed Up Windows Event Log Processing?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

How to speed Up Windows Event Log Processing?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future