I'm wanting to exclude records with a particular keyword from being ingested by the indexer.
I have several Windows servers all pointing to a heavy forwarder, where the inputs.conf file determines which logs to ingest into the Splunk indexer. However, there is some selected content that I want to exclude that exists in some of the included logs.
Specifically, I want to exclude any records that contain the word "Zabbix" or "Zabbix Agent".
How can this be done and where is the best place to do this filtering?