I just turned on a Splunk forwarder with Active Directory monitoring on my AD server.
Since then, the Windows logs WinEventLogs:Security are generating a large number of audit success events:
Log Name: Security
Date: 2/14/2013 11:55:59 AM
Event ID: 879798
Task Category: Directory Service Access
Keywords: Audit Success
Description: An operation was performed on an object.
I am also monitoring the WinEventLogs, so those messages are hitting my license volume.
I know that I can filter them out at the indexer level, but this is still traffic.
How can I avoid them?