How to achieve blacklist for folder level

splunkn · ‎02-19-2017

I would like monitor all the files below except the first one
Because sample.log from environment a1 conusming more data and is not required to index
How to blacklist only this file from one environment?
How to achieve blacklist for folder level

/logs/sample/enva1/logs/sample.log
/logs/sample/enva2/logs/sample.log
/logs/sample/enva3/logs/sample.log
/logs/sample/enva4/logs/sample.log
/logs/sample/enva2/logs/purple.log
/logs/sample/enva4/logs/purple.log

niketn · ‎02-19-2017

As one of the options you can define Blacklist in your inputs.conf for the monitor data input you currently have.

[monitor://<YourFolderStructure>\enva*\logs\*]
    blacklist = <YourFolderStructure>\enva1\logs\*

For information on Blacklisting refer to following documentation: https://docs.splunk.com/Documentation/Splunk/latest/Data/Whitelistorblacklistspecificincomingdata#Bl...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

niketn · ‎02-20-2017

@splunkn were you able to try the blacklist solution?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

How to achieve blacklist for folder level

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

Are you a member of the Splunk Community?

How to achieve blacklist for folder level

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25