Getting Data In

WMI input and whitelisting

PickleRick
SplunkTrust

Hello there.

I finally managed to set up WMI-based event log monitoring and it seems to work 🙂

The problem is that it's gonna give me way too many events. I want to pull just a subset of the events from the Application log. With ordinary WinEventLog input I could set up a whitelist/blacklist to limit the processed events at the forwarder level. The same doesn't seem to work with the WMI:whatever type of input.

Is there indeed no way to limit the ingested events? Do I have to do it further down the stream by selective routing on HF?
