Re: How to develop a regular expression that will ...

ppanchal · ‎05-05-2017

Below is my monitoring path

[monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01]

I want to blacklist the below files

/wasapps/WAS85/logs/restconnect_alppapp102was85Node01/restConnectApp.log
/wasapps/WAS85/logs/restconnect_alppapp102was85Node01/restConnectPerformance.log

I have tried the below regex, but none of them worked.

[monitor:///wasapps/WAS85/logs/restconnect_alppapp102was85Node01]
blacklist = restConnect*\.(log)$
blacklist = restConnect[App|Performance]\.(log)$

Can someone please help?

ddrillic · ‎05-06-2017

Some cheerful examples in the documentation at Whitelist- or blacklist-specific incoming data

It shows -

ckunath · ‎05-05-2017

blacklist = restConnect.*\.log$

This should blacklist every file that starts with "restConnect" and ends with .log

ppanchal · ‎05-05-2017

I guess this did not work.
Any other solution?

ckunath · ‎05-06-2017

Oh, my bad. Try

blacklist = .*restConnect.*\.log$

How to develop a regular expression that will blacklist my log paths in inputs.conf?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation