Global Log Processing Rules (GLPR) are a part of the Advanced Data Management settings which provide a way to override settings defined in Classification Based Data Management (CBDM) or Standard Data Management modes (Log Message Source, Log Processing Policy). A GLPR provide a way to apply Data Management settings across all Data Processors, Log Sources and Log Processing Policies to logs that meet your specific criteria.
GLPR overrides are globally applied to log messages that match Classification Criteria (such as Network/Deny, Authentication/Failure, etc), and are customized with Include and/or Exclude Filters for log metadata. This flexibility provides a manageable way to determine how logs are processed throughout the system, regardless of settings used by various Log Sources and/or Log Processing Policies. Logs that do not match the GLPR filters are processed normally per CBDM or Standard Data Management settings.
LogRhythm diagnostic common events are not affected by Global Log Processing rules.