Hi,
We are planning to collect Windows security events with Splunk. As far as I know, there are two formats: standard and XML with the renderXML=1 option.
I've found some (older) blog/answers questions which say searching with the XML format can be very slow...
So which one should we choose, which format is recommended currently? Pros and cons? Can somebody help me to decide?
Regards,
István