4 Replies Latest reply on May 23, 2019 6:48 AM by timothy_

    log insight filters

    timothy_ Lurker

      hi,

      we are in the process of testing out log insights as our global log repository and are running into some issues which are likely syntax but I'm just not sure.

      one of the servers we are testing with throws a whole lot of v4_GUID events, and we want to prevent those from being logged at all

       

      at the agent configuration we are trying:

      [winlog|db-windows-application]
      channel=Application
      enabled=yes
      blacklist = event_type == "v4_f39b2ea6"

      but this doesn't seem to work

       

      then at the filter query level I've tried "event_type" "is not" "v4_*" which also does not seem to work...

      can anyone help out with some pointers as to why neither approach is working?

      Thanks in advance