Getting Data In

how can I configure my transforms.conf to filter specific events

New Member

Now here ,this is a test log

Thu Jun 08 2017 03:06:50 www3 sshd[2294]: Failed password for beyonce from port 3529 ssh2
host =  node1 source =secure.log sourcetype =asd    
Thu Jun 08 2017 03:06:33 www3 sshd[4541]: Failed password for myuan from port 1511 ssh2
host =  node1 source =secure.log sourcetype =asd

I want to configure my tansforms.conf to filter my events :Concretely,I only want to get the events with Failed password and ,I also want to delete some events with some specific users(the field define user is for 'myuan' ),for example,delete the user called myuan and beyonce .

0 Karma
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...