I see from this question and answer on Splunk's own Q&A site that it's possible to exclude certain messages from indexing on a Splunk instance.
I have a Splunk Cloud instance where the only way of configuring such things is through the GUI. I don't have access to edit the configuration files directly.
This answer (again on Splunk's site) discusses how to translate entries in props.conf
into inputs to the GUI. However my particular case of filtering out messages entirely isn't covered.
How can I do this with the Splunk GUI?