Hi All,
The data checkpoint file for windows logs is taking up a lot of disk space (over 100 GB).
Where can I check the modular input script. We are having issues of full disk space due to this.
How can I exclude the modinput for one of the checkpoint on particular servers?
An example windows log event is as following:
\powershell.exe (CLI interpreter), Pid: 12345,\OSEvent: (Source: (Uid: xxxxxxxxx, Name: splunk-winevtlog.exe, Pid: 123123, Session Id: 0, Executable Target: Path: \Device\HarddiskVolume4\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Application)
Any help would be appreciated!
Thanks in Advance!