Splunk Enterprise Security

Windows logs by default get tagged to the Alert data model

sumitkathpal
Explorer

Hi All,

I just found that each log from Windows AD gets tagged to the Alert data model. When I accelerate the data model for one week, that alone takes 400+ GB of space. We don't have a requirement that each Windows log gets tagged to the Alert data model.

What will be the best way to untag these Windows logs?

0 Karma

Dev_Choudhary
Path Finder

Hi Sumit,
Check the tags.conf in the Windows AD add-on and comment out the line mentioning tag = alert.

0 Karma
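An added worked example, not code from either poster or from Splunk: the script below parses a tags.conf-style file, finds every stanza where the alert tag is enabled, and emits a local/tags.conf override that sets that tag to disabled, then applies Splunk's default/local layering to confirm that the tag is gone while the other tags survive. The stanza names in DEFAULT_TAGS_CONF are constructed for illustration and are not copied from the real Splunk Add-on for Windows; the only Splunk facts assumed are the tags.conf syntax (`[<field>=<value>]` stanzas with `<tag> = enabled|disabled` keys) and that settings in local/ override the same key in default/.

```python
"""Build a local/tags.conf override that removes one tag (here 'alert') from
every stanza of an add-on's default/tags.conf, then verify the merged result.

Why local/ rather than editing default/: default/ files are replaced when the
add-on is upgraded, while local/ is preserved and takes precedence.
"""
from collections import OrderedDict
from copy import deepcopy

# Constructed sample in the style of an add-on's default/tags.conf.
# Stanza names are hypothetical, not taken from Splunk_TA_windows.
DEFAULT_TAGS_CONF = """\
[eventtype=example_wineventlog_security]
windows = enabled
alert = enabled

[eventtype=example_wineventlog_system]
windows = enabled
alert = enabled

[eventtype=example_ad_replication]
windows = enabled
"""


def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}} preserving order.
    Comments (#) and blank lines are skipped; keys keep their case."""
    stanzas = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, OrderedDict())
            continue
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def merge_layers(default, local):
    """Apply Splunk-style layering: a key in local/ wins over default/."""
    merged = deepcopy(default)
    for stanza, settings in local.items():
        merged.setdefault(stanza, OrderedDict()).update(settings)
    return merged


def stanzas_with_tag(conf, tag):
    """Return stanza names in which `tag` resolves to enabled."""
    return [
        name for name, settings in conf.items()
        if settings.get(tag, "disabled").lower() == "enabled"
    ]


def build_local_override(default, tag="alert"):
    """Emit local/tags.conf text that disables `tag` wherever default enabled it."""
    lines = [f"# local/tags.conf: disable the '{tag}' tag so these events leave",
             f"# the data model whose constraint is tag={tag}."]
    for name in stanzas_with_tag(default, tag):
        lines += [f"[{name}]", f"{tag} = disabled", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    default = parse_conf(DEFAULT_TAGS_CONF)
    override = build_local_override(default, "alert")
    print(override)
    merged = merge_layers(default, parse_conf(override))
    print("alert still enabled in:", stanzas_with_tag(merged, "alert"))
    print("windows still enabled in:", stanzas_with_tag(merged, "windows"))
```

Run it against a copy of the add-on's default/tags.conf and write the output to the add-on's local/tags.conf, then restart or reload the search head. Two caveats a practitioner would want: the existing acceleration summaries were built while the events still carried the tag, so disable and re-enable acceleration on the Alerts data model (or wait for the summaries to age out) before re-measuring the disk usage; and check that nothing else in your environment (correlation searches, other data models) relies on those Windows event types carrying the alert tag.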