> > The second reason is we use Splunk as a log aggregator. In Splunk
> > it is easy to filter these out when looking at the log but having > > all these almost useless messages significantly adds to the > > activity of the Splunk forwarder on these systems. > I'm surprised Splunk doesn't have a "drop records matching pattern" or > something like that, so you can just never ingest them. Maybe that > would be a feature too easy to exploit. Chris, that is a great idea. I don't control the aggregator and that may be where a filter might be configured. I will check. Darryl Baker, GSEC (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 1800 Sherman Ave. Suite 6-600 – Box #39 Evanston, IL 60201-3715 darryl.ba...@northwestern.edu (847) 467-6674