Solved: How to delete Windows logs after it was read by Sp...

PTIch · ‎09-21-2022

Hi All,

I have a large number of Windows logs in directory. How can I automatically delete them from the disk space after Splunk saves them and the folder size will be bigger than 5 gigabytes? Where can I write such configuration?

Thanks in advance!

gcusello · ‎09-21-2022

hi @PTIch,

if you're speaking of windows eventlogs, you have to configure your Windows EvenLog to have a minor retention (e.g. 24/48 hours).

If you're speaking of logs in files, you have to create a shell script that deletes files older than 24/48 hours.

This isn't a Splunk question.

ciao.

Giuseppe

View solution in original post

gcusello · ‎09-21-2022

hi @PTIch,

if you're speaking of windows eventlogs, you have to configure your Windows EvenLog to have a minor retention (e.g. 24/48 hours).

If you're speaking of logs in files, you have to create a shell script that deletes files older than 24/48 hours.

This isn't a Splunk question.

ciao.

Giuseppe

gcusello · ‎09-21-2022

Hi @PTIch ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

How to delete Windows logs after it was read by Splunk?

lookup

Monitoring MariaDB and MySQL

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Federated Analytics for Amazon Security Lake