I am not able to exclude events from indexing on the Splunk Enterprise free version. Can anyone help me out here?
Sample data:
Name:mango
Name:Mango
Name:ManGo
Name:apple
Name:banana
Name:strawberry
Name:pineapple
props.conf
# Index-time settings for events whose sourcetype is "txt1".
# NOTE(review): assumes the sample data is actually ingested with sourcetype
# txt1; if the input assigns a different sourcetype this stanza never applies.
# Index-time props/transforms are read by the instance that parses the data
# (indexer or heavy forwarder) and affect only events indexed after splunkd is
# restarted; events that are already indexed are not removed.
[txt1]
DATETIME_CONFIG = CURRENT
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
category = Custom
pulldown_type = true
# Runs the [setnull] stanza from transforms.conf against each event at index time.
TRANSFORMS-set= setnull
transforms.conf
# Routes every event matching REGEX to the null queue, i.e. drops it before indexing.
# Dropped events are not written to any index and cannot be recovered later, so
# keep the pattern as narrow as possible when the source carries audit or
# security-relevant data.
[setnull]
# REGEX is tested against the raw event text (no SOURCE_KEY is set here) and is
# case-sensitive and unanchored: of the sample data only "Name:mango" matches;
# "Name:Mango" and "Name:ManGo" do not.
# NOTE(review): if all three spellings should be dropped, a case-insensitive
# pattern such as (?i)mango would be needed - confirm the intent.
REGEX = mango
DEST_KEY = queue
FORMAT = nullQueue