Filter user in Security log

edoandria · ‎12-14-2011

Hi,
How to import the security log excluding some users.
I tried with trasforms but to no avail.

Thanks

MHibbin · ‎12-14-2011

Could you please provide some more information. My assumption is that you want to "hash" out the users rather than removing events involving certain users?

What transforms are you using?

edoandria · ‎12-14-2011

for some events i have to exclude some users

My trasforms is:

[events-null]
REGEX=.
DEST_KEY=queue
FORMAT=nullQueue

[security-filter]
REGEX=(?msi)^EventCode=(528|538|551|529|680|534|533|532|539|537|531|530|540|535|4624|4672|4648|4625|4634|4647|536)\D
DEST_KEY=queue
FORMAT=indexQueue

Filter user in Security log

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud

Join the Conversation

Filter user in Security log

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud