So first I want to apologize if I don't understand much as I am fairly new to the administration side.
However, I read some documentation that I can use transform.conf to drop logs from coming into splunk.
I am using a universal forwarder and I want a specific powershell script whitelisted.
Can anyone send me a documentation on how I would edit transform.conf to whitelist a specific powershell script? If there is a better way, that would work too.
View solution in original post
you wanna post this as a question so I can accept it