Problems is fixed with removing definition for WMI from scripts.
Under the “$SPLUNK_HOME\bin\scripts” we saw all proceses from the scripts with a High CPU usages.
We comment those processes out for the script definition (these processes are not used for Citrix in this customer environment)
The only proces that we need in the “$SPLUNK_HOME\bin\scripts” is the “splunk-winevtlog.exe”.
After this change the avg CPU of Splunk process are not above 3-4%. And we still receive all the data.
... View more