Recently we upgraded the Splunk version to 6.3.0
We are trying to filter certain event codes from Security and System LogNames and it is not filtering.
[WinEventLog://Security]
disabled = 0
evt_resolve_ad_obj = 0
blacklist1 = 4656,4689,4688
[WinEventLog://System]
disabled = 0
evt_resolve_ad_obj = 0
blacklist1 = 7036,5009,98,7045
Updated Inputs.Conf under ....\etc\system\local. This did not work.
Then updated Inputs.Conf under ....\etc\apps\SplunkLightForwarder\default. This did not work
What am I missing here? Please advise.
Thanks
Anand
