morning I have a question and problem I made a query to brin

Question

morning I have a question and problem I made a query to bring powershell events through the powershell events table I created a pack with this query select from powershell events But when I did it started to get a flood of events and the traffic went up from 150MB to 1GB I realized after 5 min later When I realized I stopped the pack even excludes it but still this event keeps coming is there anything to be done so that the hosts stop sending or just wait to normalize This pack was run for 2500 hosts

zwass · Answer

Potentially you could set ` buffered log max` to a low value for those hosts which should cause them to clear out the additional buffered logs

Hello_There · Answer

< zwass> Nice I ll try this right now

Hello_There · Answer

< zwass> it worked perfectly the buffer was cleared and the traffic practically zeroed I will wait a few hours and return to the default values

zwass · Answer

Nice