Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

bar logs with debug level enabled

bmcaetano
Engager
‎02-04-2024 05:36 PM

Is there any way to block logs coming from other servers, on a distributed server, with the debug level activated? I say this because our splunk is suffering performance degradation due to the amount of DEBUG logs. I'm still studying the props.conf documentation, would this be the right way to do this?

Labels (1)
Labels
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎02-04-2024 06:14 PM

Take a look at Ingest Actions

bowesmana_0-1707099276364.png

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-05-2024 07:41 AM

Hi

another option is use those props.conf and transforms.conf files as you already have looked. Here is one old post to do it https://community.splunk.com/t5/Monitoring-Splunk/FortiGate-Firewall-is-consuming-the-license/m-p/64... There are lot of other examples in community and also on docs.splunk.com. 

One thing what you must remember is that you must put those configurations on 1st full splunk instance from source to indexers. This could be a HF or an indexer.

r. Ismo

 

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...