I am using Splunk to send log source data to QRadar and need to find a way to filter out certain unwanted log events. Do you know of a way to filter out unwanted log events?
FYI - I am sending the log data to QRadar via our 5 indexers.
Hi,
Take a good look at this:
And if you need more information see this other doc too:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Forwarding/Routeandfilterdatad
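
The routing-and-filtering approach from the linked documentation, sketched as an added example that is not part of the original answer: a transform tags only the wanted events for a syslog output group, and everything else is still indexed but never sent to QRadar. The sourcetype `my_sourcetype`, the group name `qradar`, the server address, and the `DEBUG` pattern are assumptions; the example also assumes the events are parsed on the indexers, since index-time transforms only run where parsing happens.

```ini
# ---- props.conf (on each indexer) ----
# Attach the routing transform to the source type that feeds QRadar.
# "my_sourcetype" is a placeholder for your own source type.
[my_sourcetype]
TRANSFORMS-qradar_routing = route_wanted_to_qradar

# ---- transforms.conf (on each indexer) ----
# Tag an event for the "qradar" syslog group only if it does NOT
# contain the unwanted pattern (here: the word DEBUG, a constructed example).
# (?s) lets the lookahead scan multi-line events; the trailing "." makes
# the regex consume one character so the match is not zero-width.
[route_wanted_to_qradar]
REGEX = (?s)^(?!.*\bDEBUG\b).
DEST_KEY = _SYSLOG_ROUTING
FORMAT = qradar

# ---- outputs.conf (on each indexer) ----
# No defaultGroup is set under [syslog], so only events tagged by the
# transform above are forwarded. Host and port are placeholders.
[syslog:qradar]
server = qradar.example.com:514
type = udp
```

Restart Splunk on the indexers after changing these files; the filter affects only newly parsed events.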