Removing Idle Event Sources
Periodically, you may want to update your set of event sources and remove ones that are no longer being used. You can use the Idle Time parameter to do this.
Note: The information in this topic applies to NetWitness latest version.
To remove idle event sources:
- Go to
(Admin) > Event Sources.
-
In the Manage panel, click
.
The Create an Event Group dialog is displayed.
-
Fill in the name and description as you like, and add a condition that uses the Idle Time parameter, as shown here:
In this example, we have set the condition to identify event sources that have been idle for at least 60 days.
- Save the new group, then select it in the Groups panel.
-
Select some or all event sources in the group. The following screen shows all event sources from this group selected.
-
In the Event Sources panel, click
to delete the selected, idle event sources.
A confirmation message appears:
- Click Delete Now to confirm your intention to delete the selected event sources.
If, in the future, an event source that has been removed sends logs, a new event source will be created.
