Solved: Splunk 9 blacklist or denylist?

TheEggi98 · ‎08-11-2023

Did the blacklist/whitelist got replaced by denylist/allowlist in Splunk 9?

In some Blogs i read that Splunk 9 replaced blacklist with denylist? Or is blacklist still usable?

In the Changelogs of Splunk 9 i didnt found any evidence for the change, but the Splexicon and some Blogs say something different.

https://docs.splunk.com/Splexicon:Denylist
https://www.splunk.com/en_us/blog/leadership/biased-language-has-no-place-in-tech-a-follow-up.html?l...

Thanks for explanation 🙂

isoutamo · ‎08-11-2023

Hi

You could/should check what are the currently used versions on your installation. There are in directory $SPLUNK_HOME/etc/system/README/<conf file>.conf.spec, where are known configurations.

With quick check it seems that e.g. inputs.conf still known white- and blacklists.

You could also check these from Splunk Docs e.g. https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

r. Ismo

View solution in original post

isoutamo · ‎08-11-2023

Hi

You could/should check what are the currently used versions on your installation. There are in directory $SPLUNK_HOME/etc/system/README/<conf file>.conf.spec, where are known configurations.

With quick check it seems that e.g. inputs.conf still known white- and blacklists.

You could also check these from Splunk Docs e.g. https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

r. Ismo

Splunk 9 blacklist or denylist?

blacklist

inputs.conf

whitelist

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector