Let's say, I have 5 forwarders. 4 of them are allowed to forward events to the indexer but one of them is not. How can I Blacklist this host at the indexer not at the forwarder or network (eg., iptables)? In this way, no log event should be index from the host that is not allowed to...
Thanks, Lp