> > The second reason is we use Splunk as a log aggregator. In Splunk
> > it is easy to filter these out when looking at the log but having
> > all these almost useless messages significantly adds to the
> > activity of the Splunk forwarder on these systems.
> I'm surprised Splunk doesn't have a "drop records matching pattern" or
> something like that, so you can just never ingest them. Maybe that
> would be a feature too easy to exploit.

Chris, that is a great idea. I don't control the aggregator and that may be
where a filter might be configured. I will check.

Darryl Baker, GSEC (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
1800 Sherman Ave.
Suite 6-600 – Box #39
Evanston, IL 60201-3715
[email protected]
(847) 467-6674