Security

How can I blacklist logs from a source?

ppanchal
Path Finder

We are monitoring logs from the below path

[monitor:///opt/IBMHTTPD85/IHS/.../*]

I want to blacklist all logs from source,

source="/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log"

How can I achieve this in the inputs.conf file?

Tags (1)
0 Karma

dineshraj9
Builder

Add -

blacklist = (^/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log$)
0 Karma

ppanchal
Path Finder

Can I directly write the path instead of using regular expressions under blacklist?

0 Karma

ppanchal
Path Finder

This did not work, I am still seeing the logs from the source.

Any other suggestions?

0 Karma
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...