Log tuning

Hi team,

I'm ingesting logs from an Active Directory (AD) server into Elastic SIEM, but I'm getting 2 crore logs daily from a single server. We have 4 such servers.
So kindly help me with how to reduce such a huge log source without compromising security.

Thank you