Thank you the for the answer Ric. 🙂
I did find the option on the UF to forward just the WinEventLog:Security logs. But My scenario is different. All logs are being forwarded from a windows PC to a Splunk Enterprise installed on a local ubuntu machine using UF, and then forwarded to a Splunk Enterprise installation on the cloud using HF. So only the WinEventLog:Security logs should reach the Splunk Enterprise on the cloud. I did try editing the props.conf and transforms.conf, but due to my lack of knowledge in coding, I'm not able to figure out what lines to add specifically to make this happen. Please help.
Scenario Screenshot: http://prntscr.com/ex2mmf
... View more