I am having trouble finding a solution to blacklisting a SourceName called "SCLIntra Mobile Sync Service" on my forwarders. Anyone?
[WinEventLog://Application] checkpointInterval = 5 current_only = 0 disabled = 0 start_from = oldest blacklist = SourceName="SCLIntra Mobile Sync Service"
It is normal Windows event log data. Nothing else is blacklisted/whitelisted for the Application log.
01/14/2016 09:56:32 AM
SourceName=SCLIntra Mobile Sync Service
Severity = Error
SourceName = SCLIntra Mobile Sync Service
host = v1651ancay014
index = wineventlog
linecount = 55
source = WinEventLog:Application
sourcetype = WinEventLog:Application