4 Replies Latest reply on May 23, 2019 6:48 AM by timothy_

    log insight filters

    timothy_ Lurker



      we are in the process of testing out log insights as our global log repository and are running into some issues which are likely syntax but I'm just not sure.


      one of the servers we are testing with throws a whole lot of v4_GUID events, and we want to prevent those from being logged at ale


      at the agent configuration we are trying:






      blacklist = event_type == "v4_f39b2ea6"


      but this doesn't seem to work


      then at the filter query level I've tried "event_type" "is not" "v4_*" which also does not seem to work...


      can anyone help out with some pointers as to why neither approach is working?


      Thanks in advance