Splunk IT Service Intelligence

Can you help with RegEx for whitelist/blacklist?

khickey
New Member

I need help with the regex syntax to whitelist, whitelist*.log, blacklist*.log and blacklist.prev.log files when monitoring a directory.

Thanks

0 Karma

mstjohn_splunk
Splunk Employee

@khickey

Thanks for posting. Could you give us some more context for your query? You have a much better chance of getting your question answered if you provide more information about your issue. Plus, it will help guide future community users who are facing a similar problem.

0 Karma

harsmarvania57
SplunkTrust

Hi @khickey,

Do you mean to say you want a Splunk Universal Forwarder configuration to monitor certain files?

If that is the case, then you can use the configuration below in inputs.conf on the UF:

[monitor://<yourdirectory>]
whitelist = (?:whitelist|blacklist).*\.log
index = yourindex

Here is the regex with sample data: https://regex101.com/r/MkDFOC/1

0 Karma
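
An offline check of which file paths the whitelist in the answer above admits, as an added example that is not part of the original thread. It assumes the monitor whitelist is applied as an unanchored regex search over the full file path; the sample paths and the anchored variant are constructed here for illustration.

```python
import re

# The whitelist from the answer above, and a tightened variant (an assumption
# added here, not from the thread) that pins the match to the file name
# and to the end of the path.
ANSWER_WHITELIST = r"(?:whitelist|blacklist).*\.log"
ANCHORED_WHITELIST = r"[/\\](?:whitelist|blacklist)[^/\\]*\.log$"

# Constructed sample paths; none come from a real system.
SAMPLE_PATHS = [
    "/var/log/app/whitelist.log",
    "/var/log/app/whitelist_2021.log",
    "/var/log/app/blacklist_errors.log",
    "/var/log/app/blacklist.prev.log",
    "/var/log/app/blacklist.log.gz",            # rotated, compressed copy
    "/var/log/app/blacklist_tool/notes.login",  # name merely contains ".log"
    "/var/log/app/access.log",
]


def monitored(pattern, paths):
    """Return the paths a monitor stanza would keep for this whitelist.

    Models the whitelist as an unanchored search over the full path.
    """
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def compare(paths=SAMPLE_PATHS):
    """Return paths admitted by the answer's regex but not the anchored one."""
    loose = monitored(ANSWER_WHITELIST, paths)
    strict = set(monitored(ANCHORED_WHITELIST, paths))
    return [p for p in loose if p not in strict]


if __name__ == "__main__":
    loose = set(monitored(ANSWER_WHITELIST, SAMPLE_PATHS))
    strict = set(monitored(ANCHORED_WHITELIST, SAMPLE_PATHS))
    for path in SAMPLE_PATHS:
        print(f"{path:45} answer={path in loose!s:5} anchored={path in strict}")
    print("Extra files ingested without anchoring:", compare())
```

If rotated or compressed copies should not be indexed, anchoring the pattern keeps them out of the input without needing a separate blacklist entry.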