Getting Data In

Exclude tar files in inputs.conf

Explorer

Hello,

Is there a way to "blacklist" or exclude tar.gz file with in a monitored directory in
the inputs.conf file.

For example.. I would like to monitoring /var/log/syslog/*
but not all the rotated tar files which have been created.
Just the .log file which have been created that day

Tags (1)
0 Karma
1 Solution

Splunk Employee
Splunk Employee

The docs at http://docs.splunk.com/Documentation/Splunk/6.0/admin/Inputsconf show under the Monitor section:

blacklist =
* If set, files from this input are NOT monitored if their path matches
the specified regex.
* Takes precedence over the deprecated _blacklist attribute, which functions the same way.

So in your case:

blacklist = *.tar.gz

View solution in original post

Splunk Employee
Splunk Employee

The docs at http://docs.splunk.com/Documentation/Splunk/6.0/admin/Inputsconf show under the Monitor section:

blacklist =
* If set, files from this input are NOT monitored if their path matches
the specified regex.
* Takes precedence over the deprecated _blacklist attribute, which functions the same way.

So in your case:

blacklist = *.tar.gz

View solution in original post

Splunk Employee
Splunk Employee
0 Karma

Splunk Employee
Splunk Employee

Don't forget to mark it as accepted/answered!

0 Karma

Explorer

Nice.. Thank you

0 Karma