I understand I can do event ID's in the key, and this works well for selecting a small number of specific event ID's. I am looking at a catchall item for say error events in the system log, but then want to use pre processing if possible to discard the ones I specifically want to ignore. I presume one option is to have a negative lookahead in the ID regex in the key, but then I'd have to change the item key each time to add another exclusion, but was hoping for a more elegant solution where the key is not being changed each time, and doesn't get more cumbersome each addition. If I had a way to use a pre processing rule to discard on event ID that would be perfect.

An eventlog item has some fields: Timestamp, Local time, Source, Severity, Event ID, Value. You need a field Event ID, but preprocessing works with a field Value only.

Thanks for the update and quick reply. I'll be sure to keep an eye on this thread. Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward for solution. Pasco Connect

Exclude ID-s can be done in item config
eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxli nes>,<mode>]
eventid - regular expression describing the event identifier(s)