New Splunk server, initial tuning period. Working on tuning and filtering. Server shows two event types as the most frequent patterns:
44.49%
12/09/2015 05:33:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=LEE.cara.nascom.nasa.gov TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=70002132 Keywords=Audit Success Message=The Windows Filtering Platform has allowed a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: xxx.xxx.xx.xxx Source Port: 138 Destination Address: xxx.xxx.xx.xx Destination Port: 138 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Receive/Accept Layer Run-Time ID: 44
23.51%
12/09/2015 05:30:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=B28-WS71.cara.nascom.nasa.gov TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1865188338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 13252 Application Name: \device\harddiskvolume2\program files\dell\dell data protection\access\advanced\wave\remotemanagement\wsceaa.exe Network Information: Source Address: 0.0.0.0 Source Port: 62358 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36
Would like to filter those events on the Indexer so they are not ingested and don't count against the indexing license cap. If possible, would like to record the first occurrence per day, then ignore duplicates. If that isn't possible, it would be acceptable to filter all away for these specific events (at least in cases where the audit was for a successful occurrence of an event).
I've seen an article here:
http://docs.splunk.com/Documentation/Splunk/6.3.1511/Forwarding/Routeandfilterdatad
But am still a little confused as to what needs to be done and where specifically to do the same.
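The indexer-side null-queue routing that drops the two Windows Filtering Platform success audits shown above, as an added example that is not from the post or the Splunk docs; it assumes the Security log arrives with the Splunk 6.x default sourcetype WinEventLog:Security, and it must live on the indexer (or a heavy forwarder), since a universal forwarder does not parse events and ignores these stanzas.

```ini
# props.conf on the indexer (e.g. $SPLUNK_HOME/etc/system/local/ or an app's local/).
# Assumption: the Windows Security log uses the 6.x default sourcetype below.
[WinEventLog:Security]
TRANSFORMS-drop_wfp = drop_wfp_success

# transforms.conf on the same host, same directory.
[drop_wfp_success]
# Match only EventCode 5156 (allowed connection) and 5158 (permitted bind),
# and only when Keywords=Audit Success, so failure audits are still indexed.
# (?s) lets "." cross the line breaks between the event's key=value lines.
REGEX = (?s)EventCode=(5156|5158)\s.*?Keywords=Audit Success
DEST_KEY = queue
FORMAT = nullQueue
```

Null-queue routing is a stateless per-event regex match, so it cannot keep the first occurrence per day; it drops every matching event, which is the fallback the post describes. Restart splunkd on the indexer after editing, then confirm with a search for EventCode=5156 OR EventCode=5158 that new success audits stop arriving while failure audits still do.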