Using 5.0.2. I am receiving Windows Event Logs at the Indexer from Universal Forwarders on Windows servers. I want to filter out or send to a null queue uninteresting Windows events, so I only see Error, Warning and Critical events.
I know this needs to be in the props.conf and transforms.conf but can't get it to work.
... View more