I'm running the Splunk Universal Forwarder and I've configured the inputs.conf for the Splunk Add-on for Microsoft Windows to monitor the Security event logs for Windows.
At this time though I'm looking to blacklist / not index any security event that displays a specific account name. The account name is "wilmsplunksvc".
I've gone ahead and created a blacklist within the inputs.conf without any luck. Below is the syntax I used.
blacklist4 = Account_Name="wilmsplunksvc"
Any assistance would be greatly appreciated.