I'm new to Splunk.
I have a folder with Windows event log files that we want to feed into Splunk. I have less than 200 MB of files on disk, but when Splunk imports them my index usage hits 1 GB, which causes a license violation.
Can anyone explain why, or does anyone know what the raw data size to index size ratio is?
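One check worth running before looking at the index itself: Splunk's license meter counts the bytes of rendered event text it indexes, not the size of the binary .evtx file, and a rendered Windows event (header fields plus the full description) is usually several times larger than its on-disk record. The script below is an added example, not something from the original post; it reads the exported .evtx files, renders each event and reports the expansion ratio. The folder path is a hypothetical placeholder, and rendering the Message field assumes the provider message DLLs are present on the machine that runs it.

```powershell
# Added example, not from the original post: compare the on-disk size of
# exported .evtx files with the size of the text Splunk would actually index.
# Assumption: the files live in C:\EventLogs (hypothetical path) and the
# provider message DLLs are installed here so that Message renders fully.

param(
    [string]$Folder = 'C:\EventLogs'
)

$files      = Get-ChildItem -Path $Folder -Filter '*.evtx' -File
$diskBytes  = ($files | Measure-Object -Property Length -Sum).Sum
$textBytes  = 0
$eventCount = 0

foreach ($file in $files) {
    # Read every event in the exported log, oldest first, and render it.
    Get-WinEvent -Path $file.FullName -Oldest | ForEach-Object {
        # Approximate the text Splunk indexes: a header line of the common
        # fields plus the rendered description. Splunk's own rendering
        # differs in detail, so treat the result as an estimate.
        $header = '{0} LogName={1} SourceName={2} EventCode={3} EventType={4} ComputerName={5} RecordNumber={6}' -f `
            $_.TimeCreated, $_.LogName, $_.ProviderName, $_.Id, $_.Level, $_.MachineName, $_.RecordId
        $textBytes += [System.Text.Encoding]::UTF8.GetByteCount($header)
        if ($_.Message) {
            $textBytes += [System.Text.Encoding]::UTF8.GetByteCount($_.Message)
        }
        $eventCount++
    }
}

$ratio = if ($diskBytes -gt 0) { [math]::Round($textBytes / $diskBytes, 2) } else { 0 }

[pscustomobject]@{
    Files          = $files.Count
    Events         = $eventCount
    DiskMB         = [math]::Round($diskBytes / 1MB, 1)
    RenderedTextMB = [math]::Round($textBytes / 1MB, 1)
    ExpansionRatio = $ratio
}
```

If RenderedTextMB comes out near the 1 GB the license meter reported, the growth is in the text rendering rather than in Splunk's index files, which are a separate (and usually smaller, compressed) quantity.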
New Splunk user here:
We have an auditing requirement to audit process creation messages. It appears that the Splunk service (Splunkd.exe) is constantly generating process creation messages (Event ID 4688) in our Security event log, and the event logs are getting huge.
We are using version 6.1.
There must be others out there with this requirement. Are there any workarounds other than disabling auditing (which may not be possible)?
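Before deciding on a workaround it helps to measure how much of the 4688 volume is actually Splunk's own activity. The script below is an added example, not from the original post: it samples recent 4688 events from the Security log, pulls the process and account fields out of the event XML, and reports what share involve a Splunk process (splunkd.exe launches helper processes such as splunk-winevtlog.exe for its inputs). The sample size and the 'splunk' match string are illustrative choices; it needs to run elevated to read the Security log.

```powershell
# Added example, not from the original post: tally recent 4688 (process
# creation) events by new process name and creating account, and report
# how many involve a Splunk process.
# Assumptions: run elevated on the host; -MaxEvents and the 'splunk'
# match pattern are illustrative, not values from the post.

param(
    [int]$MaxEvents = 5000
)

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $MaxEvents

$rows = foreach ($evt in $events) {
    # The 4688 payload fields are only reliably available via the event XML.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated    = $evt.TimeCreated
        NewProcessName = $data['NewProcessName']
        SubjectUser    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
        # CreatorProcessName exists only on newer Windows builds; older ones
        # record just CreatorProcessId, so fall back to that.
        Creator        = if ($data['CreatorProcessName']) { $data['CreatorProcessName'] } else { $data['CreatorProcessId'] }
    }
}

$total  = @($rows).Count
$splunk = @($rows | Where-Object { $_.NewProcessName -match 'splunk' -or $_.Creator -match 'splunk' }).Count
$pct    = [math]::Round(100 * $splunk / [math]::Max($total, 1), 1)

"Sampled $total process-creation events; $splunk ($pct%) involve a Splunk process."

# Top process names and accounts in the sample, to show where the volume comes from.
$rows | Group-Object NewProcessName | Sort-Object Count -Descending | Select-Object -First 15 Count, Name
$rows | Group-Object SubjectUser    | Sort-Object Count -Descending | Select-Object -First 10 Count, Name
```

The per-account grouping matters for the workaround discussion: if nearly all of the Splunk-related events come from the one service account, that is the population any filtering or exclusion would have to target, and the numbers give the auditors something concrete to weigh against the retention requirement.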