Hi, facing issue with data ingestion for the windows security events from the domain controller servers
index=wineventlog source=WinEventLog:Security
any suggestion, solution here?
Set maxKBps=0 on the forwarders on each DC.
so far I have tried, below windows addon changes as per the splunk
[WinEventLog://Security]
evt_resolve_ad_obj = 0
and change limits.conf
# selt maxkbps to 4096
[thruput]
maxKBps = 4096