Hi Kristian, thanks for your answer , the main goal here is to exclude unneeded data from being stored in splunk, so I needed to store only the important one to me..
so thinking about how to do this , and extract some parts of the incoming messages to Splunk store it and indexing it..
still your answer valid in that case ?
... View more