Getting Data In

Can Universal Forwaders filter in their input.conf file?

splunktrainingu
Communicator

I am attempting to filter an eventID 5156 with an application name of "\device\harddiskvolume5\program files\bonjour\mdnsresponder.exe" I am using a Universal Forwarder but I am seeing mixed responses saying this is not possible on universal Forwarder. My Universal Forwarders point to my Indexer.

Labels (1)
0 Karma
1 Solution

dsctm3
Path Finder

Check this out.

https://www.splunk.com/en_us/blog/tips-and-tricks/controlling-4662-messages-in-the-windows-security-...

I think this is along the line of what you are looking for. You need to use regex to create the filter.

(Edit: Formatting)

View solution in original post

0 Karma

dsctm3
Path Finder

Check this out.

https://www.splunk.com/en_us/blog/tips-and-tricks/controlling-4662-messages-in-the-windows-security-...

I think this is along the line of what you are looking for. You need to use regex to create the filter.

(Edit: Formatting)

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...