Within the Event Source Monitoring of Health and Wellness we have old sources that are still there and the aged time is getting longer and longer.
I'd like to clean the old records our and was wondering if it's possible to do it via the RESP API? We have over 18,000 (McAfee EPO creates and event source for every host) and trying to find the old records get's really cumbersome.
Or is it better to just reset all the Log stats back to zero?
We're running 10.6.4 so it is possible to remove an individual entry. The problem I'm having is it's too time consuming to try and find 1 entry out of 18,000 with only seeing 200 records at a time on each page of event sources. That's why I asked the question about trying to delete via the API.