Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Using Splunk on a Mac - Currently Have Over 5,000 Sources - Help!

ericrdecker
New Member
‎01-22-2018 02:30 PM

I've been using the beleaf app to develop my Splunk knowledge. I've noticed that I am unable to control the Sources and Hosts. Is there a way to limit (aside from a search query) to prevent unwanted data in my results? Thanks!!

Tags (1)
0 Karma
Reply

ericrdecker
New Member
‎01-26-2018 08:21 AM

mayurr98, Thank you for your response. I will work on this over the weekend and get back to you. Thanks!!!

0 Karma
Reply

mayurr98
Super Champion
‎01-22-2018 10:31 PM

hey @ericrdecker
There are two ways to do this:

1)One way to prevent unwanted data is Discard specific events and keep the rest

have a look at this doc
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Forwarding/Routeandfilterdatad#Discard_specif...

2) Another way is to blacklist the files at index time and index only specific file you want!
Refer this doc for the same
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/Whitelistorblacklistspecificincomingdat...

let me know if this helps!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...