# why is the ts4k spamming sage-hec.oi.tivo.com after update?



## crackers8199 (Dec 9, 2020)

just ran through my pi.hole logs, and my ts4k (since updating and causing a whole bunch of headaches last night) is spamming my network with requests to sage-hec.oi.tivo.com literally every few seconds (119 requests over the past 10 minutes).

according to the logs, this didn't happen until the update last night...so it seems this is something new.


----------



## kdmorse (Jan 29, 2001)

It smells a lot like a AWS (Amazon Web Services) provisioned Enterprise Splunk server. It's probably their direction for centralized log aggregation. I don't know enough about the splunk daemon to know if spammy DNS queries is a sign of a problem, or if it's just the way it is - could go either way.


----------



## crackers8199 (Dec 9, 2020)

kdmorse said:


> It smells a lot like a AWS (Amazon Web Services) provisioned Enterprise Splunk server. It's probably their direction for centralized log aggregation. I don't know enough about the splunk daemon to know if spammy DNS queries is a sign of a problem, or if it's just the way it is - could go either way.


interesting. can you see any harm in just blocking it (if i set the pi.hole to blacklist it)?


----------

