- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using Splunk on a Mac - Currently Have Over 5,000 Sources - Help!
I've been using the beleaf app to develop my Splunk knowledge. I've noticed that I am unable to control the Sources and Hosts. Is there a way to limit (aside from a search query) to prevent unwanted data in my results? Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mayurr98, Thank you for your response. I will work on this over the weekend and get back to you. Thanks!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hey @ericrdecker
There are two ways to do this:
1)One way to prevent unwanted data is Discard specific events and keep the rest
have a look at this doc
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Forwarding/Routeandfilterdatad#Discard_specif...
2) Another way is to blacklist the files at index time and index only specific file you want!
Refer this doc for the same
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/Whitelistorblacklistspecificincomingdat...
let me know if this helps!
