Channel: Questions in topic: "splunk-enterprise"

Selective Filtered Indexing and Forwarding to 3rd party syslog

Hello,

Our setup is as follows: Windows/Unix UF -> HF -> IDX clusters.

Currently we are sending everything to the IDX cluster and one copy of the logs to a 3rd party syslog server from the HF. What we are trying to achieve is to send everything to the 3rd party syslog server and only send filtered logs to the IDX clusters.

Given the scenario of the following sourcetypes:

a) wineventlog
b) linux_secure
c) cisco:asa

I am trying to figure out how we can:

a) Send everything to the 3rd party syslog.
b) Drop events with the EventCode 4624, for example, in wineventlog from being sent to the indexer.
c) Drop events with the "ssh" keyword, for example, in linux_secure from being sent to the indexer.
d) Send all cisco:asa events to the indexer.
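One way to express this routing on the heavy forwarder, as an added example that is not part of the original question: every event gets `_SYSLOG_ROUTING` set to the syslog group, and `_TCP_ROUTING` to the indexer group is set only by transforms whose regex excludes the unwanted events, so those events reach syslog but never the indexers. The hostnames, the group and transform names, the `[wineventlog]` stanza name (it must match the real sourcetype), the assumption that classic Windows events carry `EventCode=4624` in their raw text, and the reliance on leaving `defaultGroup` unset so that unrouted events are not forwarded are all assumptions of this example.

```ini
# outputs.conf on the HF (example; hostnames are placeholders)
# defaultGroup is deliberately omitted: an event reaches the indexers
# only if a transform sets _TCP_ROUTING for it.
[tcpout]

[tcpout:idx_cluster]
server = idx1.example.internal:9997, idx2.example.internal:9997

[syslog:third_party_syslog]
server = syslog.example.internal:514
type = udp

# props.conf on the HF
# Transforms run left to right; a later one overrides the same DEST_KEY.
[wineventlog]
TRANSFORMS-routing = to_syslog, to_idx_unless_4624

[linux_secure]
TRANSFORMS-routing = to_syslog, to_idx_unless_ssh

[cisco:asa]
TRANSFORMS-routing = to_syslog, to_idx

# transforms.conf on the HF
# Matches every event: all three sourcetypes get a syslog copy.
[to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = third_party_syslog

# Matches every event: used for cisco:asa, which is indexed in full.
[to_idx]
REGEX = .
DEST_KEY = _TCP_ROUTING
FORMAT = idx_cluster

# (?s) lets . span the multi-line Windows event. The negative lookahead
# fails for EventCode=4624 events, so _TCP_ROUTING stays unset for them
# and they are forwarded to syslog only.
[to_idx_unless_4624]
REGEX = (?s)^(?!.*EventCode=4624)
DEST_KEY = _TCP_ROUTING
FORMAT = idx_cluster

# Same pattern for linux_secure: index only events without "ssh"
# (case-insensitive, whole-word start) anywhere in the raw text.
[to_idx_unless_ssh]
REGEX = (?si)^(?!.*\bssh)
DEST_KEY = _TCP_ROUTING
FORMAT = idx_cluster
```

Test this on the HF with a few sample events first: events dropped from indexing should still appear on the syslog receiver, and cisco:asa events should appear on both.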
