Filtering Logs In FluentD

[RehMarcelino]

Hi,

I'm trying to filter windows events log on td-agent.conf using X-PATH. This is possible on Windows SO?

I'm trying to create an exception to send event log to a SIEM product. I'm using the command line bellow inside of each source.

Example:
event_query "Event/System[(EventID!=4688)]"

That's a right thing? Exist another form to filter this events?

[cosmo0920]

You mean you are using fluent-plugin-windows-eventlog plugin to filter consuming EventLog?
If so, it should be: event_query "*[System[(EventID!=4688)]]"