Archive

How to blacklist the events which are having a particular pattern/string?

rajesh2010
New Member

I need to blacklist the logs coming from network device which are having particular string. Please let me know how this can be done?

Tags (1)
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi rajesh2010,

there a multiple ways to do that, depending on your use case.

  • If you want to blacklist based on file name or file ending, follow this white rabbit.
  • If you only want some specific parts of your logs, follow this white rabbit

hope this helps ...

cheers, MuS

0 Karma

MuS
SplunkTrust
SplunkTrust

Props and if needed transforms must be changed

0 Karma

rajesh2010
New Member

Do we need make this changes in props.conf and transforms.conf even for Splunk 6.0.1? Is editing just in inputs.conf not enough?

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!