I have a Catalina log and I don't want to index lines that contain one of these words: API PROXY, WARN, ERROR.
After that I want to aggregate some lines.
I'm using a single-instance deployment of Splunk 7.1.
Can someone help me delete the log lines?
I tried with this transforms.conf file:
[setnull]
REGEX = API PROXY|WARN|ERROR
DEST_KEY = queue
FORMAT = nullQueue

[setparsing]
REGEX = .
DEST_KEY = queue
FORMAT = indexQueue
but it doesn't work.
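
An added example, not part of the original post: a simplified Python model of how an ordered list of index-time transforms sets the `queue` key, using the two stanzas above. It assumes a props.conf entry (not shown in the post; the class name `TRANSFORMS-set` is hypothetical) that lists these stanzas, and the Catalina-style log lines are constructed.

```python
import re

# The two stanzas from the post's transforms.conf as (REGEX, FORMAT) pairs.
TRANSFORMS = {
    "setnull": (re.compile(r"API PROXY|WARN|ERROR"), "nullQueue"),
    "setparsing": (re.compile(r"."), "indexQueue"),
}

# Constructed sample lines in a Catalina-like layout (not taken from the post).
SAMPLE = [
    "12-Mar-2019 10:00:01.100 INFO [main] Server startup in 5321 ms",
    "12-Mar-2019 10:00:02.200 WARN [http-nio-8080-exec-1] Slow response from backend",
    "12-Mar-2019 10:00:03.300 ERROR [http-nio-8080-exec-3] Servlet threw exception",
    "12-Mar-2019 10:00:04.400 INFO [http-nio-8080-exec-2] API PROXY forwarding /v1/items",
    "12-Mar-2019 10:00:05.500 INFO [main] Deployment of ROOT has finished in 412 ms",
]


def route(raw, order):
    """Simplified model: transforms run in list order and every match
    overwrites the queue key, so the last matching stanza decides."""
    queue = "indexQueue"  # default destination when nothing matches
    for name in order:
        regex, fmt = TRANSFORMS[name]
        if regex.search(raw):
            queue = fmt
    return queue


def indexed(lines, order):
    """Return the lines that would still reach the index."""
    return [line for line in lines if route(line, order) == "indexQueue"]


if __name__ == "__main__":
    # Hypothetical props.conf orderings for the assumed TRANSFORMS-set class.
    for order in (["setnull", "setparsing"], ["setparsing", "setnull"], ["setnull"]):
        kept = indexed(SAMPLE, order)
        print(f"TRANSFORMS-set = {', '.join(order)}: "
              f"{len(kept)}/{len(SAMPLE)} lines indexed")
```

In this model, listing `setparsing` last sends every line back to `indexQueue` because `REGEX = .` matches everything; listing `setnull` last, or on its own, drops the three matching lines.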