
Splunk Blacklist not working on log files containing .info.

rorymcdonald060
Engager

Hi Splunk community,

I have created a custom monitor that I hoped would "blacklist" and exclude from indexing all files in the referenced directory containing .INFO.

I have tested my regex expression on regex101 successfully, but the log files are still indexed.

Below are the monitors:

[monitor:///var/log/impalad]
blacklist=(.INFO[.|-|\s]?)
index=tmolinux
disabled = 0

Below is an example of a .INFO. file that I need to exclude.

Path to log files is /var/log/impalad

-rw-r--r-- 1 impala impala 57421471 Apr 12 10:09 impalad.prd-xxx-xx-xxx.xxx.xxx.local.impala.log.INFO.20190412-074926.20116

Any feedback would be greatly appreciated.

Thanks

0 Karma