Hi @barrycuda72 

To create a business rule in Log Shipper that excludes logs from a specific application, you do not necessarily need to use Regex. You can achieve this by setting up a filter in the business rule. Here are the steps to create such a rule:

1. Navigate to Log Shipper Business Rules:
  - Go to Log Shipper > Business Rules in the Netskope Cloud Exchange platform.

2. Create a New Business Rule:
  - Click on Create New Rule.
  - Enter a rule name that clearly indicates its purpose, such as "Exclude My App Logs".

3. Set Up the Filter:
  - In the alert/event filter section, you can use a query to exclude the specific application. For example, you can use:

     NOT (app = "My App")     

  - Ensure that the filter syntax is correct and matches the field names used in your logs.

4. Save the Rule:
  - Enter the folder name where you want to save this rule or select an existing folder.
  - Click Save.5. Validate the Rule:
  - After saving, you can validate the rule by checking the logs to ensure that logs from "My App" are excluded.

For more detailed steps on managing Log Shipper business rules, you can refer to the available Netskope documentation.If the above steps do not resolve your issue, you might want to double-check the exact field names and values used in your logs to ensure the filter is correctly applied.

 Reference documentation:
https://docs.netskope.com/en/netskope-help/integrations-439794/netskope-cloud-exchange/log-shipper-module/manage-log-shipper-business-rules/
https://docs.netskope.com/en/netskope-help/integrations-439794/netskope-cloud-exchange/get-started-with-cloud-exchange/configure-the-netskope-plugin-for-log-shipper/

"If my answer helped you, please mark it as the Best Answer. Thank you!"