Splunk Search

Filter out pan_traffic_start eventtype

Yadukrishnan
Explorer

Hi,

I have installed and configured the Palo Alto Addon, which is creating multiple eventtypes, one of which is pan_traffic_start, which I believe are the session start logs. I want to remove these particular event types from the logs so that the license can be saved, since there is not much value in these logs. Can someone please help me filter out this eventtype so that they will not reach the indexers or search headers?
