I have an inputs.conf stanza that I want to add. I am adding it to monitor all files and sub-directories. Throughout these sub-directories there are .bz2 files that I dont want to ingest. What would be the best way? I was thinking blacklist the bz2 files but that may not be the best way? Maybe there's a better way?
Splunk Docs has good documentation explaining how to whitelist and blacklist file paths. The blacklist and whitelist sections requires custom regex expressions. So yes, there are ways to blacklist all files of a specific file type .bz2 in your case.