Getting Data In

wildcard in inputs.conf splunktcp stanza?

Path Finder

Hi guys,

Is it possible to limit a splunk receiver via host wildcard.

So curently I have in inputs.conf

I want to limit this strictly to various hosts only: So I can do this in inputs.conf:

How is it now possible to limit this via a wildcard, ie. only receive allow receive for hostnames begining with (whitelist) 'lin' (linux in my case) and not recieve data from a host called 'win01'?

Is this possible?


Splunk Employee
Splunk Employee

Judging from experience and (most importantly) from the inputs.conf.spec file, I don't believe that wildcards are accepted here.

An easy way to test this would be to attempt to set this up with a wildcard, up the log level of the TcpInputProc channel to DEBUG in $SPLUNK_HOME/etc/log.cfg and see what turns up in splunkd.log when you restart splunkd and the input is set up.

Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!