Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How can i use whitelist to allow only the required data from eventlog?

linu1988
Champion
‎05-22-2013 02:28 AM

Hello,
i would like to forward only my program related data from e.g. Program A: error occurred at step 6!!

How can i use the whitelist and blacklist to get rid of the unnecessary event logs.

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution

linu1988
Champion
‎05-22-2013 04:31 AM

Thanks Bob! This will help with my implementation.

0 Karma
Reply
Solved! Jump to solution

BobM
Builder
‎05-22-2013 03:01 AM

Whitelists and blacklists are only used at inputs phase and match against source names, normally file names or folders. It sounds like you want to discard individual events which can not be done until parsing phase.

This must be done on the indexer and the link Ayn provided explains how to do this.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...