Solved: How to delete Windows logs after it was read by Sp...

PTIch · ‎09-21-2022

Hi All,

I have a large number of Windows logs in directory. How can I automatically delete them from the disk space after Splunk saves them and the folder size will be bigger than 5 gigabytes? Where can I write such configuration?

Thanks in advance!

gcusello · ‎09-21-2022

hi @PTIch,

if you're speaking of windows eventlogs, you have to configure your Windows EvenLog to have a minor retention (e.g. 24/48 hours).

If you're speaking of logs in files, you have to create a shell script that deletes files older than 24/48 hours.

This isn't a Splunk question.

ciao.

Giuseppe

View solution in original post

gcusello · ‎09-21-2022

hi @PTIch,

if you're speaking of windows eventlogs, you have to configure your Windows EvenLog to have a minor retention (e.g. 24/48 hours).

If you're speaking of logs in files, you have to create a shell script that deletes files older than 24/48 hours.

This isn't a Splunk question.

ciao.

Giuseppe

gcusello · ‎09-21-2022

Hi @PTIch ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

How to delete Windows logs after it was read by Splunk?

lookup

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update