Security

How can I blacklist logs from a source?

ppanchal
Path Finder

We are monitoring logs from the path below:

[monitor:///opt/IBMHTTPD85/IHS/.../*]

I want to blacklist all logs from the source:

source="/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log"

How can I achieve this in the inputs.conf file?

0 Karma

dineshraj9
Builder

Add -

blacklist = (^/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log$)
0 Karma

ppanchal
Path Finder

Can I directly write the path instead of using regular expressions under blacklist?

0 Karma

ppanchal
Path Finder

This did not work, I am still seeing the logs from the source.

Any other suggestions?

0 Karma
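The following check is an added example, not code from any poster in this thread. The `blacklist` setting in inputs.conf is a regular expression tested against each file's full path, so the script compares the anchored pattern from the answer with the plain path asked about in the follow-up. Assumptions: Python's `re` stands in for Splunk's PCRE matching, and every sample path except the one quoted in the question is constructed.

```python
import re

# First path is the source from the question; the others are constructed
# neighbours that the same monitor stanza could also pick up.
SAMPLE_PATHS = [
    "/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log",
    "/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log.1",
    "/opt/IBMHTTPD85/IHS/logsPRD2/wm_access_log",
    "/opt/IBMHTTPD85/IHS/logsPRD1/wm_ssl_access_log",
]

# Pattern exactly as given in the answer.
ANCHORED = r"(^/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log$)"
# Plain path written directly as the blacklist value; still read as a regex.
LITERAL = "/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log"


def split_by_blacklist(pattern, paths):
    """Return (excluded, still_monitored) for one blacklist regex.

    re.search is used because the match is unanchored unless the
    pattern itself carries ^ and $.
    """
    rx = re.compile(pattern)
    excluded = [p for p in paths if rx.search(p)]
    monitored = [p for p in paths if not rx.search(p)]
    return excluded, monitored


def exact_path_regex(path):
    """Build a blacklist regex that matches only this exact path.

    re.escape neutralises metacharacters such as '.' that would
    otherwise change what a literal path matches.
    """
    return "^" + re.escape(path) + "$"


if __name__ == "__main__":
    for name, pattern in (("anchored", ANCHORED), ("literal", LITERAL)):
        excluded, monitored = split_by_blacklist(pattern, SAMPLE_PATHS)
        print(f"blacklist = {pattern}  [{name}]")
        for p in excluded:
            print(f"  excluded : {p}")
        for p in monitored:
            print(f"  monitored: {p}")
```

Running it shows the anchored pattern excluding only the exact file, while the plain path also excludes the constructed rotated copy `wm_ssl_access_log.1` because it matches as a substring.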