Getting Data In

How to add blacklist in inputs.conf file using Linux Command

chris1
Explorer

Hi ,

We have a Splunk forwarder installed on a Linux platform. I have already added the monitor details in inputs.conf file. Now I want to avoid the files which have "test" in the name. So I need to add blacklist = test in inputs.conf file. Please let me know how to add it.

e;g ./splunk edit monitor

0 Karma

lcrielaa
Communicator

You can't. See here for all the options you can do via the CLI:
http://docs.splunk.com/Documentation/Splunk/6.2.5/Data/MonitorfilesanddirectoriesusingtheCLI

Adding a blacklist isn't one of them. You could probably do it with some regex/sed-magic. You could search for you particular monitoring stanza and add the blacklist line underneath it and then restart splunk. This should help: http://stackoverflow.com/questions/15559359/insert-line-after-first-match-using-sed

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...