I have a VB script to get local users from the Admin group. By default, the event data from this script adds the two lines below to the event:
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
How do I get rid of these unwanted lines?
If you own the script, update the same to remove these unwanted lines from the output.
If that's not possible, you can use the event filtering method to drop those lines from indexing:
http://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/Routeandfilterdatad#Filter_and_route_ev...
https://answers.splunk.com/answers/37423/how-to-configure-a-forwarder-to-filter-and-send-the-specifi...
See if this answers your question:
http://blogs.splunk.com/2013/10/22/dropping-useless-headers-in-splunk-6/
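A sketch of the index-time filtering suggested in the answers above, added here as an example and not taken from the original posts or the linked pages. The sourcetype name `wsh_local_admins` and the stanza name `drop_wsh_banner` are placeholders; the settings go on the instance that parses the data (indexer or heavy forwarder). If the scripted input launches the script through `cscript`, its `//NoLogo` switch suppresses the banner at the source and no filtering is needed.

```ini
# ---- props.conf ----
# "wsh_local_admins" is a placeholder; use the sourcetype assigned to the script output.
[wsh_local_admins]

# Case A: the banner sits inside the same event as the user list.
# Rewrite _raw before indexing so only the two banner lines are removed.
SEDCMD-strip_wsh_banner = s/Microsoft \(R\) Windows Script Host Version [^\r\n]*[\r\n]+Copyright \(C\) Microsoft Corporation\. All rights reserved\.[\r\n]*//g

# Case B: line breaking turns each banner line into its own event.
# Enable this INSTEAD of the SEDCMD above. Do not use it for Case A:
# nullQueue discards the whole matching event, user list included.
# TRANSFORMS-drop_wsh_banner = drop_wsh_banner

# ---- transforms.conf ----
# Stanza name is a placeholder referenced by the TRANSFORMS- setting above.
[drop_wsh_banner]
REGEX = ^(Microsoft \(R\) Windows Script Host Version|Copyright \(C\) Microsoft Corporation)
DEST_KEY = queue
FORMAT = nullQueue
```

Both settings apply at parse time, so they affect only data indexed after the change and a restart of the parsing instance; events already indexed keep the banner.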