Re: How to develop a regular expression that will ...

ppanchal · ‎05-05-2017

Below is my monitoring path

[monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01]

I want to blacklist the below files

/wasapps/WAS85/logs/restconnect_alppapp102was85Node01/restConnectApp.log
/wasapps/WAS85/logs/restconnect_alppapp102was85Node01/restConnectPerformance.log

I have tried the below regex, but none of them worked.

[monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01]
blacklist = restConnect*\.(log)$
blacklist = restConnect[App|Performance]\.(log)$

Can someone please help?

ddrillic · ‎05-06-2017

Some cheerful examples in the documentation at Whitelist- or blacklist-specific incoming data

It shows -

ckunath · ‎05-05-2017

blacklist = restConnect.*\.log$

This should blacklist every file that starts with "restConnect" and ends with .log

ppanchal · ‎05-05-2017

I guess this did not work.
Any other solution?

ckunath · ‎05-06-2017

Oh, my bad. Try

blacklist = .*restConnect.*\.log$

How to develop a regular expression that will blacklist my log paths in inputs.conf?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation