Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

whitelist directories inputs.conf

nmohammed
Builder
‎08-06-2018 12:57 PM

We've ~1000 directories in path and we want to monitor only a few selected directories. I tried to use the whitelist, voiding multiple monitoring stanzas. But it doesn't seem to work. I have verified this by running ./splunk list monitor on the forwarder. Here BX187898, BX676909 are directories in /enc_logs-ep3/bker and have log files in those directories.

Need assistance with the whitelist directories. I have tried with two directories, but I will have a few more added.

[monitor:///enc_logs-ep3/bker]
disabled = false
index = enc_logs
whitelist = (BX187898|BX676909)
host_regex = \S+(EP.*).\d{4}
sourcetype = enc
ignoreOlderThan = 3d

Thanks

0 Karma
Reply

deepashri_123
Motivator
‎08-07-2018 02:43 AM

You can refer this link:
https://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Whitelistorblacklistspecificincomingdata

Can you cross check your regex?
Let me know if this helps!!

0 Karma
Reply

somesoni2
Revered Legend
‎08-06-2018 02:14 PM

Can you give some sample full path of files that you want to monitor and some that you don't?

0 Karma
Reply

nmohammed
Builder
‎08-06-2018 02:20 PM

Thanks @somesoni2

here's a sample path path -

/enc_logs-en3/bker/BX187898/EncServer. BX187898.ENC5VEABE100934.2018-08-06-14.log

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...