Monitoring Splunk

Determining what data is in use/ accessed vs what's ingested



We are trying to trim the fat In our log ingestion and need to determine what's actually in use vs what's ingested.

Is this a possibility in any sense? Weather it be at the source types level or even More granular at the source or specific events 

I think this would be super useful as we currently don't know what's valuable information In splunk and what's not.



Tags (1)
0 Karma