Is there any capability within Splunk so it automatically deletes the Application, Security, and System Logs in Event Viewer after Splunk receives the events? We currently have Windows Server 2003 R2 but also looking to implement Windows Server 2008 R2. Specifically, I'm curious as to if there are any configuration options available in Splunk to delete the logs in Event Viewer after Splunk gets the data from these logs. We're looking for an alternative to creating a Group Policy Object that will overwrite the logs. Thanks in advance to anyone willing to provide input
... View more