For my Windows servers I have set them up to send via syslog to Loglogic and also send to the Splunk indexer. Currently I am sending the Security, System and Application logs to both Loglogic and Splunk using a heavy forwarder.
The issue is in some cases I would like to only send the application and system logs to Splunk but have all 3 logs continue to Loglogic.
Any way to disable some logs from going to the indexers but keep all 3 logs going via syslog?
Here is my inputs.conf: