Hi All,

I am building a solution to monitor the Windows event logs from about 800 machines using a Splunk deployment server setup. I am filtering for only 4 event codes using the whitelist option (4624, 4634, 4800, 4801). The logs seem to be flowing correctly and I am able to generate reports.

However, the issue I am facing is that my disk space is getting filled instantly: about 50 GB for a week of data. I can increase the disk space by 200 GB, but I fear it will be filled in another 2 weeks.

Can someone help with how the disk space can be optimized when monitoring the Windows event logs for 800 machines?

Thanks,
Naagaraj SV