Getting Data In

Which one to choose Windows xml OR non-xml format to save licensing

Raj
Builder

Hi,

In our environment, we utilize Windows security logs for our security purposes. To reduce licensing costs, I'm considering switching the render XML setting to false. I'm wondering if this is advisable, especially given our focus on security use cases. Could you highlight the major distinctions between using XML and non-XML formats for these logs?

Thanks.

Labels (1)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

While I didn't do comparison tests myself, the general consensus is that XML-rendered windows logs are the better choice. They do not cause problems with parsing (there were some problems with ambiguous data in the traditionally formated data I recall vaguely; probably more experienced with older versions colleagues could tell you more). Also they tend to be actually smaller than traditionally formatted logs.

0 Karma

Raj
Builder

@PickleRick ,

My aim is to save the license. Can you assist me in blacklisting some of the most common Windows security events

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Sorry, can't help you here. I'm not a windows expert.

0 Karma

Raj
Builder

@PickleRick ,

By any chance vpn / firewall logs ?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...