Hi,
I like to filter out "%ASA-4-106023" before sending log to splunk indexer, Below are my config:
inputs.conf
[monitor:///var/log/]
outputs.conf:
[tcpout]
defaultGroup = splunk-indexer.dax.net_9090
disabled = false
[tcpout:splunk-indexer.dax.net_9090]
server = <ip_to_splunk-indexer>:9090
[tcpout-server://<ip_to_splunk-indexer>:9090]
props.conf
[source::
