- Splunk Enterprise On-Prem = v7.1.2
- F5-BIGIP = v13.1.0
- Using: F5 Analytics iApp v3.7.2RC5
- Kiwi SYSLOG (Heavy Forwarder that has a Uni. Forwarder assigned)
I'm currently getting bombarded with over 65k events every few seconds that is related to performance data for Memory/CPU, this data comes into our Indexer and is labeled as source=bigip.tmstats.memory_usage_stat I would like to drop this source from being indexed as its taking up close to 80% of my daily license right now.
Please Note: I'm not a heavy Splunk Admin person, so please be gentle.... I break easily 🙂