Solved: Can multiple wildcards be used in serverclass.conf...

cloroxx · ‎10-24-2023

Can multiple wildcards be used in serverclass.conf whitelist file?

whitelist.from_pathname = /lookup/host.txt

Examples:

M*WEB*

*WBS*

_JP · ‎10-24-2023

You should be able to, although it isn't called out in the docs for serverclass.conf directly.

There are a couple of other configuration parameters you can set to get a bit of logic in the matching, too, if that is helpful:

whitelist.where_field
whitelist.where_equals
blacklist.where_field
blacklist.where_equals

If you think the docs are unclear and should include a multiple wildcard example, then I suggest submitting feedback via the form at the bottom of every Splunk docs page. That team has always been responsive for improving the documentation.

View solution in original post

cloroxx · ‎10-24-2023

Thanks @_JP. My goal was to account for servers in two data centers with identical names except the 2nd character which designates the datacenter and avoid having to maintain separate host files for each data center. I know the trailing wildcard works, I just wasn't sure if adding a wildcard at the beginning or in the middle would work.

_JP · ‎10-24-2023

You should be able to, although it isn't called out in the docs for serverclass.conf directly.

There are a couple of other configuration parameters you can set to get a bit of logic in the matching, too, if that is helpful:

whitelist.where_field
whitelist.where_equals
blacklist.where_field
blacklist.where_equals

If you think the docs are unclear and should include a multiple wildcard example, then I suggest submitting feedback via the form at the bottom of every Splunk docs page. That team has always been responsive for improving the documentation.

Can multiple wildcards be used in serverclass.conf whitelist

lookup

Other

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services