Windows Event Logs are found in almost every Splunk deployment. This presentation goes through best practices for their collection, ways to reduce their license usage, and some suggestions on how they can be made more useful.

Dave Shpritz presents “Splunk and Windows Event Logs: Best Practices, Reduction, and Enhancement”.
