Getting Data In
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can Universal Forwaders filter in their input.conf file?

splunktrainingu
Communicator
‎04-30-2020 12:09 PM

I am attempting to filter an eventID 5156 with an application name of "\device\harddiskvolume5\program files\bonjour\mdnsresponder.exe" I am using a Universal Forwarder but I am seeing mixed responses saying this is not possible on universal Forwarder. My Universal Forwarders point to my Indexer.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dsctm3
Path Finder
‎04-30-2020 01:19 PM

Check this out.

https://www.splunk.com/en_us/blog/tips-and-tricks/controlling-4662-messages-in-the-windows-security-...

I think this is along the line of what you are looking for. You need to use regex to create the filter.

(Edit: Formatting)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dsctm3
Path Finder
‎04-30-2020 01:19 PM

Check this out.

https://www.splunk.com/en_us/blog/tips-and-tricks/controlling-4662-messages-in-the-windows-security-...

I think this is along the line of what you are looking for. You need to use regex to create the filter.

(Edit: Formatting)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
Top