I have recently set up Splunk to monitor /var/log/messages.
There is one event in this log that I would like to exclude.
The event itself really does not matter.
I would just like to know how I can keep certain types of data
from getting into Splunk, without ignoring the files which the data comes from.
@neophyte01, you can use
nullQueue for this using