Hi ,
The overall scenario goes like this , i have multiple Active Directory in my environment. I want to index all the event id from one AD whereas i want only few event id to index for a specific time of the day.
After certain research got to know that we can do this by installing heavy forwarder and perform pre filtering.
However i have installed universal forwarder on all my AD and cannot install heavy forwarder for smooth functionality of the AD. Hence pre filtering is not the option.
I also noticed we can make change in the tranforms.conf and props.conf of the indexer but this is not host specific it will be applied on all the host thereby not fulfilling my criteria.
Is there any way to workout on this issue.
Thankyou in advance.Your help would be much appreciated.
↧