Hello,
I have a firewall that sends a lot of data, and I would like to filter events using a specific field value (for example, whitelist field="value").
My stanza is like this:
[udp://516]
connection_host = ip
sourcetype = stonegate
whitelist = deviceExternalId="value"
This didn't work and I still get all of the data.
Any help, please?
Thanks
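
An added example, not part of the original post: `whitelist` does not filter event content on a `[udp://...]` input (on monitor inputs it matches file paths), so this kind of filtering is normally done at parse time with props.conf and transforms.conf. The sketch below keeps only events whose raw text carries the field value and sends everything else to `nullQueue`; the transform names are hypothetical, and the regex assumes the field appears literally in the raw event.

```ini
# inputs.conf (on the instance that receives the UDP feed)
# Same input as in the post, without the whitelist line.
[udp://516]
connection_host = ip
sourcetype = stonegate

# props.conf (on the first full Splunk instance that parses the data:
# the indexer, or a heavy forwarder if one sits in front of it)
[stonegate]
# Transforms run left to right: first route every event to nullQueue,
# then pull the wanted events back into indexQueue.
# The two names below are hypothetical labels chosen for this example.
TRANSFORMS-filter = stonegate_drop_all, stonegate_keep_device

# transforms.conf (same instance as props.conf)
[stonegate_drop_all]
# Matches any event.
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[stonegate_keep_device]
# Matched against the raw event text, not against a search-time field.
# Assumption: the raw event contains deviceExternalId=value, with or
# without a double quote before the value; "value" is the placeholder
# used in the post.
REGEX = deviceExternalId="?value\b
DEST_KEY = queue
FORMAT = indexQueue
```

Events routed to `nullQueue` are discarded before indexing, so a restart of the parsing instance is needed for the change to take effect, and only data received afterwards is filtered.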