Getting Data In

Is there a way to use an external list file to whitelist or blacklist hosts in serverclass.conf?

Susannajuurinen
Explorer

Is there a way to use external lists with whitelist filtering? For example if I had systems A and B with several hosts, could I create a list like hosts.txt and then refer to that list and its content? Something like below:

whitelist.0 = hosts.txt systemB

hosts.txt
[systemA]
host1
host2

[systemB]
host3
host4

Thanks for any help!

0 Karma

regriffith
Path Finder

I use this for managing a large number of hosts. In one case I temporarily used it with up to a nine thousand host entries.

Entry in the serverclass.conf

[serverClass:specific_host]
whitelist.from_pathname = etc/system/local/host.txt
restartSplunkd = 1

lguinn2
Legend

AFAIK, you can't do that for serverclass.conf

0 Karma

Susannajuurinen
Explorer

Thanks Lisa,

Do you know if that kind of a feature is added to Splunk in the future? It would make managing the serverclass.conf (and other confs too) a lot more easier if hosts could be centrally grouped.

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...