Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Appending to a whitelist

Peter_B
Explorer
‎09-20-2010 02:53 PM

We're using the unix app to monitor our linux machines. One of the files we need to monitor is /var/log/secure. The unix app has a monitor for /var/log with a _whitelist that does not include 'secure'. Rather than entirely overwrite that whitelist with an entry in in etc/system/local/inputs.conf, does anyone know of a way of appending to it (other than editing the inputs.conf in the unix app)? What I mean is can you do something like this - 

[monitor:///var/log]
_whitelist=EXISTING-WHITELIST+'secure'

Thanks

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎09-20-2010 04:10 PM

Your best bet is to add another inputs stanza, rather than to augment the existing one. For example:

[monitor:///var/log/secure*]

View solution in original post

Reply
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎09-20-2010 04:10 PM

Your best bet is to add another inputs stanza, rather than to augment the existing one. For example:

[monitor:///var/log/secure*]
Reply
Solved! Jump to solution

ftk
Motivator
‎09-20-2010 03:25 PM

Unfortunately appending filters is only possible with the fschange monitor at this point.

Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...