Security

How can I blacklist logs from a source?

ppanchal
Path Finder

We are monitoring logs from the below path

[monitor:///opt/IBMHTTPD85/IHS/.../*]

I want to blacklist all logs from source,

source="/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log"

How can I achieve this in the inputs.conf file?

Tags (1)
0 Karma

dineshraj9
Builder

Add -

blacklist = (^/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log$)
0 Karma

ppanchal
Path Finder

Can I directly write the path instead of using regular expressions under blacklist?

0 Karma

ppanchal
Path Finder

This did not work, I am still seeing the logs from the source.

Any other suggestions?

0 Karma
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...