Exclude words from subject

priya0709 · ‎11-05-2020

I have to exclude all subject with some similar set of words in subject.

Eg. Inc00452| RE: Exchange 2K16: Alert: Processor > % Processor Time

So I have to exclude all subject with 'Alert: Processor > % Processor Time'

So all subject with above keyword should be excluded

dauren_akilbeko · ‎11-05-2020

inventsekar · ‎11-05-2020

Hi @priya0709 your question is not clear.. please provide us some more details, thanks.

priya0709 · ‎11-05-2020

My requirement is to exclude all subjects which has words "Alert: Processor > % Processor Time" in subject

Please see attached my query

inventsekar · ‎11-05-2020

Hi Priya, you were saying about logs ingestion at HF and filtering at HF?

or you were saying about the "alerts" email notification subject line?

Maybe, You could send a direct message here from your profile to me, so that we can understand and resolve your issue faster, thanks.

priya0709 · ‎11-05-2020

Please see attached

isoutamo · ‎11-05-2020

Are you meaning that this text will removed:
- your query output
- already from events before it has stored to splunk
- something else
r. Ismo