Solved: how to exclude indexing files starts with dot (.) ...

dhavamanis · ‎09-02-2014

Can you please tell us, how to exclude files for indexing starts with dot (.) and ending with .swp.

currently we are using the command like below

./splunk add monitor /var/log/ -index abc sourcetype xyz

kristian_kolb · ‎09-02-2014

locate the monitor stanza in inputs.conf (there can/will be more than one inputs.conf file), and make it like so;

[monitor:///var/log/]
index=abc
sourcetype=xyz
blacklist = /\.[^\\/]+\.swp$

/K

View solution in original post

kristian_kolb · ‎09-02-2014

locate the monitor stanza in inputs.conf (there can/will be more than one inputs.conf file), and make it like so;

[monitor:///var/log/]
index=abc
sourcetype=xyz
blacklist = /\.[^\\/]+\.swp$

/K

dhavamanis · ‎09-22-2014

Can you please tell me how to avoid any filename starts with dot (.)? some the temp files also getting indexed with machine language format to avoid i want exclude those pattern as well.

how to exclude indexing files starts with dot (.) and ending with .swp?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

Are you a member of the Splunk Community?

how to exclude indexing files starts with dot (.) and ending with .swp?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!