I have a ton of event that contain SourceName="Symantec AntiVirus". How can I exclude these events fro being indexed?
http://docs.splunk.com/Documentation/Splunk/5.0.2/Deploy/Routeandfilterdatad#Discard_specific_events...
View solution in original post