Hi,
I want to skip indexing audit log if DATABASE_USER match some strings.
Is there any way?
Thanks,
Hey@ksasaki0214,
Try referring this link:
http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Routeandfilterdatad#Keep_specific_even...
Let me know if this helps!!