Client needs to push these event codes through **Heavy Forwarder** to Splunk Cloud.
So please help in creating REGEX for filtering the below Event ID's in **transforms.conf** and **props.conf**
**transforms.conf**
1100,1101,1102,1104,1105,1108
4624-4627,4634,4646-4668,4670-4672,4675,4690-4691,4698-4702,4704-4707,4709-4720,4722-4735,4737-4794,4797-4803
↧