@gcusello Hi Giuseppe, thanks for the guidance! As you can tell I am a newbie here 😉 Actually I did posted a new question here https://community.splunk.com/t5/Getting-Data-In/How-to-forward-only-Windows-events-XML-to-a-3rd-party-system/td-p/680458. I was struggling and saw your Q/A. I understand filtering at forwarder is not a good idea. In any case I've figured out how exactly to filter things out in Splunk Server so my 3rd party partner would get XmlWinEvtLog messages only. Thanks again! Billy
... View more