We have on-prem splunk and have been using Splunk Add on for Salesforce for a while to pull data from Salesforce objects. We are in the process of enabling Event Monitoring logs on splunk. Is there a way where we can filter out the event types. e.g. Only bring eventType of URI and ApexExecution in splunk and not every eventType. Eventually, we want to bring in everything but we want to take one step at a time.
Any help/input is appreciated.
@amit_sachan,
Please refer this document.
http://docs.splunk.com/Documentation/Splunk/7.0.2/Forwarding/Routeandfilterdatad
and also have a look at this accepted answer:
https://answers.splunk.com/answers/59370/filtering-events-using-nullqueue-1.html
Let me know if this helps!!