Having some trouble blacklisting a folder that has multiple dynamic subfolders and files. I want to blacklist everything for dir1 including files and any subfolders which are created dynamically. Splunk 8.x host is Linux.
I want to blacklist everything here /var/log/dir1
Example paths
/var/log/dir1/file1.log
/var/log/dir1/dir2/otherfile.log
Currently trying this syntax, but it's not working. I do have another blacklist item that seems to be working and it is blacklist2 which is why I'm numbering the blacklists.
blacklist1 = .*dir1.*
blacklist2 = otheritem
I got it to work. Here's what's working for me.
blacklist = dir1|dir2|\.log$
I got it to work. Here's what's working for me.
blacklist = dir1|dir2|\.log$
Hi @mikefg
can you try follow
[blacklist:///var/log/dir1/.../*.log]
OR
[blacklist:///var/log/dir1/.../]