Solved: Splunk 9 blacklist or denylist?

TheEggi98 · ‎08-11-2023

Did the blacklist/whitelist got replaced by denylist/allowlist in Splunk 9?

In some Blogs i read that Splunk 9 replaced blacklist with denylist? Or is blacklist still usable?

In the Changelogs of Splunk 9 i didnt found any evidence for the change, but the Splexicon and some Blogs say something different.

https://docs.splunk.com/Splexicon:Denylist
https://www.splunk.com/en_us/blog/leadership/biased-language-has-no-place-in-tech-a-follow-up.html?l...

Thanks for explanation 🙂

isoutamo · ‎08-11-2023

Hi

You could/should check what are the currently used versions on your installation. There are in directory $SPLUNK_HOME/etc/system/README/<conf file>.conf.spec, where are known configurations.

With quick check it seems that e.g. inputs.conf still known white- and blacklists.

You could also check these from Splunk Docs e.g. https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

r. Ismo

View solution in original post

isoutamo · ‎08-11-2023

Hi

You could/should check what are the currently used versions on your installation. There are in directory $SPLUNK_HOME/etc/system/README/<conf file>.conf.spec, where are known configurations.

With quick check it seems that e.g. inputs.conf still known white- and blacklists.

You could also check these from Splunk Docs e.g. https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

r. Ismo

Splunk 9 blacklist or denylist?

blacklist

inputs.conf

whitelist

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...