Security

How can I blacklist logs from a source?

ppanchal
Path Finder

We are monitoring logs from the below path

[monitor:///opt/IBMHTTPD85/IHS/.../*]

I want to blacklist all logs from source,

source="/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log"

How can I achieve this in the inputs.conf file?

Tags (1)
0 Karma

dineshraj9
Builder

Add -

blacklist = (^/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log$)
0 Karma

ppanchal
Path Finder

Can I directly write the path instead of using regular expressions under blacklist?

0 Karma

ppanchal
Path Finder

This did not work, I am still seeing the logs from the source.

Any other suggestions?

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...