I would like to filter/blacklist all event type/level "information" on Splunk 6.5.0. I am using WMI to collect logs from my servers. I am not sure if we blacklist them in \etc\system\default\inputs.conf or \etc\system\local\inputs.conf.
I am not sure about the syntax I need to use since I am new to Splunk. I am not using a forwarder to collect events.
Hello. Basically, I would like to index all errors and warnings and discard the rest. At the moment I am ONLY able to index errors and everything else is discarded. I would now like to index errors and warnings.
@citosysadmin - Were you able to test out paulstout's solution? Did it work? If yes, please don't forget to resolve this post by clicking on "Accept". If you still need more help, please provide a comment with some feedback. Thanks!