Splunk Enterprise

Monitoring specific services

fhemmeld
Explorer

Relatively newbie on Splunk and trying to monitor specific services on windows boxes that run a Universal Forwarder. I can get the services info into the Splunk Light indexer (using [WinHostMon://Service] or [WMI:Services]), but both send back the whole list of services, while I only need a few of them and since I am limited in what I can index, I prefer not to index info I do not need. I looked at white-listing, but that only works on files/folders.

Is there a way of only obtaining the info for a few services (for example the SplunkD service, or Tomcat8 service) and ignore the rest at the source, or filter on the indexer by redirecting the unwanted info into the nullqueue or similar? I have searched through the answers on answers.splunk.com but have not found anything that helped me.

Using SplunkLight 7.1.2 without TA add-ons.

Thanks you!

DalJeanis
Legend

As well as somesoni2's suggestion, you can also whitelist or blacklist particular transactions, using various methods.

The general term for that is "route to the null queue". Here's one example answer that explains hwo to do it in one situation.

https://answers.splunk.com/answers/11617/route-unwanted-logs-to-a-null-queue.html

In essence, you can either route only specific things to the nullqueue, or you can route everything to the nullqueue and then save the specific items you want to keep.

Of course, if your set it up so that the logs are never created, then you don't have to do that decisioning.

0 Karma

somesoni2
Revered Legend
0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...