I have a new splunk instance and I am seeing log entries for the splunk cloud host logs with host names:
dx* idx-i-* sh-i-* c0m1-i-*
Is it possible to remove these entries from default searches in the UI?
Hey
You can build a macro if this is something which is repetitive and you want to perform for every search. Refer below doc to build a macro. http://docs.splunk.com/Documentation/Splunk/7.0.3/Knowledge/Definesearchmacros
Build a macro with the following query
index=<your_index> NOT host IN (dx*,idx-i-,sh-i-,c0m1-i-*)
let me know if this helps!
You can using NOT operator and specify the list of host name (use can use wildcard) you want to exclude
NOT
query will be like ,
index=* NOT (host="dx*" OR host="idx-i-" OR host="sh-i-" OR host="c0m1-i-*")
