Getting Data In

How to add blacklist in inputs.conf file using Linux Command

Explorer

Hi ,

We have a Splunk forwarder installed on a Linux platform. I have already added the monitor details in inputs.conf file. Now I want to avoid the files which have "test" in the name. So I need to add blacklist = test in inputs.conf file. Please let me know how to add it.

e;g ./splunk edit monitor

0 Karma

Communicator

You can't. See here for all the options you can do via the CLI:
http://docs.splunk.com/Documentation/Splunk/6.2.5/Data/MonitorfilesanddirectoriesusingtheCLI

Adding a blacklist isn't one of them. You could probably do it with some regex/sed-magic. You could search for you particular monitoring stanza and add the blacklist line underneath it and then restart splunk. This should help: http://stackoverflow.com/questions/15559359/insert-line-after-first-match-using-sed

0 Karma