I've been using the beleaf app to develop my Splunk knowledge. I've noticed that I am unable to control the Sources and Hosts. Is there a way to limit (aside from a search query) to prevent unwanted data in my results? Thanks!!
mayurr98, Thank you for your response. I will work on this over the weekend and get back to you. Thanks!!!
hey @ericrdecker There are two ways to do this:
1)One way to prevent unwanted data is Discard specific events and keep the rest
Discard specific events and keep the rest
have a look at this doc http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Forwarding/Routeandfilterdatad#Discard_specif...
2) Another way is to blacklist the files at index time and index only specific file you want! Refer this doc for the same https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/Whitelistorblacklistspecificincomingdat...
blacklist
let me know if this helps!
