Solved: How to delete Windows logs after it was read by Sp...

PTIch · ‎09-21-2022

Hi All,

I have a large number of Windows logs in directory. How can I automatically delete them from the disk space after Splunk saves them and the folder size will be bigger than 5 gigabytes? Where can I write such configuration?

Thanks in advance!

gcusello · ‎09-21-2022

hi @PTIch,

if you're speaking of windows eventlogs, you have to configure your Windows EvenLog to have a minor retention (e.g. 24/48 hours).

If you're speaking of logs in files, you have to create a shell script that deletes files older than 24/48 hours.

This isn't a Splunk question.

ciao.

Giuseppe

View solution in original post

gcusello · ‎09-21-2022

hi @PTIch,

if you're speaking of windows eventlogs, you have to configure your Windows EvenLog to have a minor retention (e.g. 24/48 hours).

If you're speaking of logs in files, you have to create a shell script that deletes files older than 24/48 hours.

This isn't a Splunk question.

ciao.

Giuseppe

gcusello · ‎09-21-2022

Hi @PTIch ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

How to delete Windows logs after it was read by Splunk?

lookup

Unleash Unified Security and Observability with Splunk Cloud Platform

Enterprise Security Content Update (ESCU) | New Releases

Join the Splunk Developer Program Hackathon: Splunk Build-a-thon!