IP based black list in Serverclass.conf does not w...

habeebkaradan · ‎05-04-2020

Hi,
I am trying to push app based on IP subnet whitelist and blacklist, while whitelist subnets are working perfectly alright, whatever put with blacklist. is not working as expected, because I can see application is getting deployed to subnets in blacklist as well. Here is the configuration

===================================
[serverClass:PROD_IP_RANGE]
machineTypesFilter = windows-x64
blacklist.0 = ^10.50.100.\d+$
whitelist.0 = ^10.50.\d+.\d+$

[serverClass:PROD_IP_RANGE:app:TestApp]
restartSplunkWeb = 0
restartSplunkd = 1
stateOnClient = enabled

==============================

expected behaviour is TestApp should get deployed to all Windows hosts in 10.50.0.0/16 subnets except hosts in 10.50.100.0/24, but I can see app gets deployed to hosts in 10.50.100.0/24 subnet as well

richgalloway · ‎05-04-2020

The whitelist and blacklist attributes use patterns in their values rather than regular expressions. Try

blacklist.0 = 10.50.100.*
whitelist.0 = 10.50.*

---
If this reply helps you, Karma would be appreciated.

IP based black list in Serverclass.conf does not work

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Join the Conversation