Getting Data In

Blacklist inputs.conf is not working..

jay_s
Engager

Greetings!

I am dealing with following directory structure;

var/log/myfolder/log-type_a.log
var/log/myfolder/log-type_b.log
var/log/myfolder/log-type_b1.log
var/log/myfolder/log-type_b2.log
var/log/myfolder/log-type_c.log

I want block log-type_b.log,log-type_b1.log, log-type_b2.log

My inputs.conf

[default]
index = my_default_index
[blacklist:/var/log/myfolder/log-type_b*]

I have tried different variations for blacklist

  • [blacklist:///var/log/myfolder/log-type_b*]

The above blacklist stanza is not working. Please let me know what am I missing.

 

 

 

 

 

Labels (3)
0 Karma
1 Solution

jay_s
Engager

after trying few options
[blacklist:/var/log/myfolder/log-type_b]

seems to be working

View solution in original post

0 Karma

ericjorgensenjr
Path Finder

Try this.

inputs.conf:

[monitor:///var/log/myfolder/]
index = my_default_index
blacklist = log-type_b

 

0 Karma

jay_s
Engager

after trying few options
[blacklist:/var/log/myfolder/log-type_b]

seems to be working

0 Karma
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...