We have client logs getting indexed using the REST API, and our license is overloaded with the high volume. Because of the REST API setup, we don't have a forwarder pushing logs to the Splunk indexer; it's getting indexed directly from user machines. Is there any way we can just blacklist the index or source type?
Thanks