animetauren/Splunk Ingest Action Filter for Windows Event Logs Secret

## Splunk Ingest Action Filter for Windows Event Logs
[source::WinEventLog:System]
     ingest_action_replace_info_text_from_winsecurity_events_this_event = This\sevent\sis\sgenerated[\r\n\t\S\s]*

 [source::WinEventLog:Security]
     ingest_action_replace_info_text_from_null_sid_id = (Security\sID:\s\sNULL\sSID)|(Logon\sID:\s\s0x0)
     ingest_action_replace_cleansrcip = Source\sNetwork\sAddress:\s(::1|127.0.0.1)
     ingest_action_replace_cleansrcport = Source\sPort:\s*0
     ingest_action_replace_remove_ffff = ::ffff:
     ingest_action_replace_info_text_from_winsecurity_events_certificate_information = Certificate\sinformation\sis\sonly[\r\n\t\S\s]*
     ingest_action_replace_info_text_from_winsecurity_events_token_elevation_type = Token\sElevation\sType\sindicates[\r\n\t\S\s]*Run\sas\sadministrator\.$
     ingest_action_replace_info_text_from_winsecurity_events_this_event = This\sevent\sis\sgenerated[\r\n\t\S\s]*
	[source::WinEventLog:System]
	ingest_action_replace_info_text_from_winsecurity_events_this_event = This\sevent\sis\sgenerated[\r\n\t\S\s]*

	[source::WinEventLog:Security]
	ingest_action_replace_info_text_from_null_sid_id = (Security\sID:\s\sNULL\sSID)\|(Logon\sID:\s\s0x0)
	ingest_action_replace_cleansrcip = Source\sNetwork\sAddress:\s(::1\|127.0.0.1)
	ingest_action_replace_cleansrcport = Source\sPort:\s*0
	ingest_action_replace_remove_ffff = ::ffff:
	ingest_action_replace_info_text_from_winsecurity_events_certificate_information = Certificate\sinformation\sis\sonly[\r\n\t\S\s]*
	ingest_action_replace_info_text_from_winsecurity_events_token_elevation_type = Token\sElevation\sType\sindicates[\r\n\t\S\s]*Run\sas\sadministrator\.$
	ingest_action_replace_info_text_from_winsecurity_events_this_event = This\sevent\sis\sgenerated[\r\n\t\S\s]*