Solved: Blacklist inputs.conf is not working..

jay_s · ‎01-25-2021

Greetings!

I am dealing with following directory structure;

var/log/myfolder/log-type_a.log
var/log/myfolder/log-type_b.log
var/log/myfolder/log-type_b1.log
var/log/myfolder/log-type_b2.log
var/log/myfolder/log-type_c.log

I want block log-type_b.log,log-type_b1.log, log-type_b2.log

My inputs.conf

[default]
index = my_default_index
[blacklist:/var/log/myfolder/log-type_b*]

I have tried different variations for blacklist

[blacklist:///var/log/myfolder/log-type_b*]

The above blacklist stanza is not working. Please let me know what am I missing.

jay_s · ‎01-25-2021

after trying few options
[blacklist:/var/log/myfolder/log-type_b]

seems to be working

View solution in original post

ericjorgensenjr · ‎01-25-2021

Try this.

inputs.conf:

[monitor:///var/log/myfolder/]
index = my_default_index
blacklist = log-type_b

jay_s · ‎01-25-2021

after trying few options
[blacklist:/var/log/myfolder/log-type_b]

seems to be working

Blacklist inputs.conf is not working..

blacklist

inputs.conf

monitor

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation