Splunk Notes: Main Index growing

My Splunk Enterprise shows that the main index is growing much faster than the squid access logs I sent to the squid-access-log index. Upon review, it seems that during setup of the splunkforwarder service, I added the entire c:\squid\var\logs folder as a directory to be ‘monitored’. This directive was stored in the default Splunk directory/etc/app/splunk_TA_Windows/local/input.conf. All […]