I've been using the beleaf app to develop my Splunk knowledge. I've noticed that I am unable to control the Sources and Hosts. Is there a way to limit (aside from a search query) to prevent unwanted data in my results? Thanks!!
mayurr98, Thank you for your response. I will work on this over the weekend and get back to you. Thanks!!!
There are two ways to do this:
1)One way to prevent unwanted data is Discard specific events and keep the rest
Discard specific events and keep the rest
have a look at this doc
2) Another way is to blacklist the files at index time and index only specific file you want!
Refer this doc for the same
let me know if this helps!