Go Up
You are here: AdministrationAdditional ConfigurationExclude Objects from Monitoring ScopeSharePoint Online Monitoring Scope

Exclude Data from SharePoint Online Monitoring Scope

You can fine-tune Netwrix Auditor by specifying data that you want to exclude from the SharePoint Online monitoring scope.

To exclude data from SharePoint Online monitoring scope

  1. Navigate to the %ProgramData%\Netwrix Auditor\Netwrix Auditor for SharePoint Online\Configuration\ folder and locate your monitoring plan.

    NOTE: If you have several monitoring plans for monitoring SharePoint Online, configure omitlists for each monitoring plan separately.

  2. Edit the *.txt files, based on the following guidelines:

    • Each entry must be a separate line.
    • A wildcard (*) is supported, except for omiteventloglist.txt.
    • Lines that start with the # sign are treated as comments and are ignored.
File Description Syntax


Contains a list URLs of SharePoint Online objects to be excluded from audit data collection.


For example:



Contains a list of event IDs to be excluded from the Netwrix Auditor System Health event log.

event ID

For example:


NOTE: Only add known error or warning events, otherwise you may lose important data.


Contains the SharePoint Online lists, documents, etc., to be excluded from being monitored for read access.


For example:




Contains a list of user accounts to be excluded from read access monitoring.

Provide user name in the UPN format.

For example:


Go Up