×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
yashb
Engager
Member since: ‎04-30-2025
‎08-13-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎04-30-2025
Activity Feed
View All

DDAS

by in Splunk Cloud Platform
‎08-12-2025 12:02 PM
‎08-12-2025 12:02 PM
Hi All, Our DDAS usage has increased to 119.2%. What are some effective ways or best practices to optimize and reduce the usage? Any guidance or recommendations would be appreciated. Thanks in advance! ... View more
Labels

How to Drop Events Larger Than 10,000 Bytes Before...

by in Getting Data In
‎04-30-2025 11:46 AM
‎04-30-2025 11:46 AM
Hi everyone, I'm working on a use case where I need to drop events that are larger than 10,000 bytes before they get indexed in Splunk. I know about the TRUNCATE setting in props.conf, which limits how much of an event is indexed, but it doesn't actually prevent or drop the event — it just truncates it. My goal is to completely drop large events to avoid ingesting them at all. So far, I haven’t found a built-in way to drop events purely based on size using transforms.conf or regex routing. I'm wondering: Is there any supported way to do this natively in Splunk? Can this be done using a Heavy Forwarder or a scripted/modular input? Has anyone solved this with a custom ingestion pipeline or pre-filter logic? Any guidance or examples would be greatly appreciated! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-13-2025 01:47 PM
Karma given to
View All