SPLUNK Forwarders: is there a way to forward types of files in one folder selectively?

New Member


I'm trying to limit the amount of data that SPLUNK indexes daily and I noticed that a bunch of our server log files contain lots of reduntant data and hence can be skipped. HOWEVER, the "useless" files live in the same folders as some of the "useful" files. Question: is there a way to segregate files that Forwarders pick up from the same directory (we have both Windows and Linux servers)?



Tags (1)
0 Karma


Sure. Check out the whitelisting/blacklisting mechanisms in inputs.conf.