How to develop a regular expression that will blac...

ppanchal · ‎05-05-2017

Below is my monitoring path

[monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01]

I want to blacklist the below files

/wasapps/WAS85/logs/restconnect_alppapp102was85Node01/restConnectApp.log
/wasapps/WAS85/logs/restconnect_alppapp102was85Node01/restConnectPerformance.log

I have tried the below regex, but none of them worked.

[monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01]
blacklist = restConnect*\.(log)$
blacklist = restConnect[App|Performance]\.(log)$

Can someone please help?

ddrillic · ‎05-06-2017

Some cheerful examples in the documentation at Whitelist- or blacklist-specific incoming data

It shows -

ckunath · ‎05-05-2017

blacklist = restConnect.*\.log$

This should blacklist every file that starts with "restConnect" and ends with .log

ppanchal · ‎05-05-2017

I guess this did not work.
Any other solution?

ckunath · ‎05-06-2017

Oh, my bad. Try

blacklist = .*restConnect.*\.log$

How to develop a regular expression that will blacklist my log paths in inputs.conf?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation