Hello,
I'm going crazy!!
I have an event log I need to filter so that some events are not indexed. After many searches and tests, nothing works.
So I tried a drastic solution: disabling the event log monitoring in wmi.conf, and even this does not work...
wmi.conf file content:
[WMI:WinEventLog:Application]
disabled = 1
I created this file in the C:\Program Files\Splunk\etc\system\local directory and restarted the Splunk services, but I still have events collected.
If even the most basic filter doesn't work, I have no hope of succeeding with event filtering in that event log.
Could someone tell me what's going wrong, please?
The main goal of this is to filter all incoming events with sourcename=Userenv.
I tried with props.conf and transform.conf files; that never worked either.
Thanks for your help.