Getting Data In

How to blacklist the events which are having a particular pattern/string?

rajesh2010
New Member

I need to blacklist the logs coming from network device which are having particular string. Please let me know how this can be done?

Tags (1)
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi rajesh2010,

there a multiple ways to do that, depending on your use case.

  • If you want to blacklist based on file name or file ending, follow this white rabbit.
  • If you only want some specific parts of your logs, follow this white rabbit

hope this helps ...

cheers, MuS

0 Karma

MuS
SplunkTrust
SplunkTrust

Props and if needed transforms must be changed

0 Karma

rajesh2010
New Member

Do we need make this changes in props.conf and transforms.conf even for Splunk 6.0.1? Is editing just in inputs.conf not enough?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...