Hi everyone. I need some help, please. I have a requirement from the vendor Hunters where I need to save Windows Event Logs in S3 in XML format, but it is mandatory to have one event per file. Is it possible to configure this in Cribl?
One event per file will likely have you end up with millions of files and might cause trouble with too many connections, files, etc. Do you need to collect ALL Windows events for that or only a tiny subset?
This has been discussed before. Very difficult to achieve and I would strongly recommend against it. https://cribl-community.slack.com/archives/CPYBPK65V/p1661282080042919
Yeah, I also see that this is not a good option. I'm going to check with Hunters if there is some other better alternative.
Thanks for the quick feedback guys!!