I am attempting to filter an eventID 5156 with an application name of "\device\harddiskvolume5\program files\bonjour\mdnsresponder.exe" I am using a Universal Forwarder but I am seeing mixed responses saying this is not possible on universal Forwarder. My Universal Forwarders point to my Indexer.
