Getting Data In

Blacklist in inputs.conf not working as expected

khhenderson
Path Finder

I am attempting to monitor all the logs with the word access.
But exclude one particular log file.

Here is my inputs.conf

[monitor:///var/log/nginx/*access*log]
index = nginx
sourcetype = access_combined
disabled = false
blacklist = app.domain.com.access.https.log

Can I specify the log file literally?

0 Karma

MuS
SplunkTrust

Hi khhenderson,

blacklist is using regex to match, therefore you should use "\." instead of just ".". Try this:

 blacklist = app\.domain\.com\.access\.https\.log

This assumes you want to literally match one dot and not just anything one time.

Hope this helps ...

cheers, MuS

0 Karma
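
Added example, not part of the original thread or Splunk's own code: a Python sketch that approximates how the monitor stanza's wildcards and the blacklist regex together decide which files are read, so you can see which logs each blacklist variant drops from ingestion. It assumes the blacklist is applied as an unanchored regex against the full path and that * stays within one path segment; Python's re stands in for Splunk's PCRE, and the sample paths and the ANCHORED pattern are constructed for illustration.

```python
import re

def monitor_to_regex(stanza_path):
    """Approximate the wildcard expansion: '...' crosses directories, '*' stays in one segment."""
    out, i = [], 0
    while i < len(stanza_path):
        if stanza_path.startswith("...", i):
            out.append(".*")
            i += 3
        elif stanza_path[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(stanza_path[i]))  # literal characters, dots included
            i += 1
    return re.compile("^" + "".join(out) + "$")

def monitored(paths, stanza_path, blacklist=None):
    """Return the paths the input would read: matched by the stanza and not by the blacklist."""
    include = monitor_to_regex(stanza_path)
    exclude = re.compile(blacklist) if blacklist else None
    return [p for p in paths
            if include.search(p) and not (exclude and exclude.search(p))]

# Constructed sample file names; only the second one appears in the thread.
PATHS = [
    "/var/log/nginx/access.log",
    "/var/log/nginx/app.domain.com.access.https.log",
    "/var/log/nginx/app-domain-com.access.https.log",      # look-alike: dashes, not dots
    "/var/log/nginx/www.app.domain.com.access.https.log",  # longer name containing the pattern
    "/var/log/nginx/error.log",                            # never matched by *access*log
]
STANZA = "/var/log/nginx/*access*log"
UNESCAPED = r"app.domain.com.access.https.log"         # '.' matches any character
ESCAPED = r"app\.domain\.com\.access\.https\.log"      # literal dots, still unanchored
ANCHORED = r"/app\.domain\.com\.access\.https\.log$"   # assumption: pin to the whole file name

if __name__ == "__main__":
    for label, bl in [("unescaped", UNESCAPED), ("escaped", ESCAPED), ("anchored", ANCHORED)]:
        print(f"{label:>9}: {monitored(PATHS, STANZA, bl)}")
```

In this model both the unescaped and the escaped pattern exclude the target file; the difference is how many other files they also silently exclude, which matters when a missing log source means missing detections.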