Hi,
How do I import the security log excluding some users?
I tried with transforms but to no avail.
Thanks
Could you please provide some more information? My assumption is that you want to "hash" out the users rather than removing events involving certain users?
What transforms are you using?
For some events I have to exclude some users.
My transforms are:
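# Route every event to the nullQueue (discard)
[events-null]
REGEX=.
DEST_KEY=queue
FORMAT=nullQueue

# Route events whose EventCode is in this list to the indexQueue (keep)
[security-filter]
REGEX=(?msi)^EventCode=(528|538|551|529|680|534|533|532|539|537|531|530|540|535|4624|4672|4648|4625|4634|4647|536)\D
DEST_KEY=queue
FORMAT=indexQueue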