Can you please tell us how to exclude from indexing files that start with a dot (.) and end with .swp?
Currently we are using a command like the one below:
./splunk add monitor /var/log/ -index abc -sourcetype xyz
Locate the monitor stanza in inputs.conf (there can/will be more than one inputs.conf file), and make it like so:
blacklist = /\.[^\\/]+\.swp$
Can you please tell me how to avoid any filename that starts with a dot (.)? Some of the temp files are also getting indexed in machine-language format; to avoid that, I want to exclude those patterns as well.
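An added example, not part of the original thread: a Python check of the answer's blacklist pattern against constructed sample paths, next to a broader pattern for the follow-up case of any file name that starts with a dot. The broader pattern `ANY_DOTFILE`, the helper names and the sample paths are assumptions, and Python's `re` stands in here for Splunk's PCRE matching.

```python
import re

# Pattern from the answer above: dot-prefixed file names ending in .swp.
SWP_DOTFILE = r"/\.[^\\/]+\.swp$"
# Assumption (not from the thread): any file name that starts with a dot.
ANY_DOTFILE = r"/\.[^/]+$"

# Constructed sample paths under the monitored directory /var/log/.
SAMPLE_PATHS = [
    "/var/log/messages",
    "/var/log/.messages.swp",
    "/var/log/.cache",
    "/var/log/app/.access.log.swp",
    "/var/log/app/access.log",
    "/var/log/notes.swp",
    "/var/log/.hidden/app.log",
]


def excluded(paths, pattern):
    """Paths a blacklist regex would drop (unanchored search on the full path)."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def problems(pattern, must_exclude, must_keep):
    """List mismatches between a blacklist regex and the intended outcome."""
    rx = re.compile(pattern)
    issues = [f"still indexed: {p}" for p in must_exclude if not rx.search(p)]
    issues += [f"wrongly excluded: {p}" for p in must_keep if rx.search(p)]
    return issues


if __name__ == "__main__":
    for name, pattern in (("SWP_DOTFILE", SWP_DOTFILE), ("ANY_DOTFILE", ANY_DOTFILE)):
        print(name, pattern)
        for path in excluded(SAMPLE_PATHS, pattern):
            print("  excluded:", path)
    # Regression check before putting a pattern into inputs.conf.
    print(problems(ANY_DOTFILE,
                   must_exclude=["/var/log/.cache", "/var/log/.messages.swp"],
                   must_keep=["/var/log/messages", "/var/log/.hidden/app.log"]))
```

The answer's pattern leaves `/var/log/.cache` indexed, while the broader one drops it; neither touches `/var/log/.hidden/app.log`, because both match on the file name only, not on a dot-prefixed directory.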