I've been on the struggle bus with WinEventLog blacklist entries this week and stumbled upon the new xmlRegex modifier. Anyone know which version of the Splunk Universal Forwarder introduced this capability?
Note: The Splunk docs surrounding advanced white/blacklisting of WinEventLog inputs have improved significantly!
I don't know when it first became available, but xmlRegex has been around since 7.0.
Good enough for me. If operating any older version, I'd have bigger problems to fixate on. Thanks!