Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to exclude indexing files starts with dot (.) and ending with .swp?

dhavamanis
Builder
‎09-02-2014 08:56 AM

Can you please tell us, how to exclude files for indexing starts with dot (.) and ending with .swp.

currently we are using the command like below

./splunk add monitor /var/log/ -index abc sourcetype xyz

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎09-02-2014 09:23 AM

locate the monitor stanza in inputs.conf (there can/will be more than one inputs.conf file), and make it like so;

[monitor:///var/log/]
index=abc
sourcetype=xyz
blacklist = /\.[^\\/]+\.swp$

/K

View solution in original post

Reply
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎09-02-2014 09:23 AM

locate the monitor stanza in inputs.conf (there can/will be more than one inputs.conf file), and make it like so;

[monitor:///var/log/]
index=abc
sourcetype=xyz
blacklist = /\.[^\\/]+\.swp$

/K

Reply
Solved! Jump to solution

dhavamanis
Builder
‎09-22-2014 08:32 AM

Can you please tell me how to avoid any filename starts with dot (.)? some the temp files also getting indexed with machine language format to avoid i want exclude those pattern as well.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of Splunk APM’s and Splunk RUM’s streaming infrastructure in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...