Team,
I would like assistance with creating regex,specifically to blacklist 1 host name - happens to be the spunk server- very noisy.
Alternately would like direction to site or resource that could help with creation of regex and debugging.
I have had no luck- too many hours to quantify.
This was the best so far- but even as submitted (results all green) regex did not work.
Thank you for the URL-
Respectfully - I had found before- but was of little help.
I am looking for something that breaks regex down(with examples) So that i may understand.
This site was far too esoteric.
To provide a regular expression for you, we need example data with an indication of what is to be selected or ignored.
Where are you wanting to put this blacklist?
Why are you blacklisting Splunk? I know you said it's noisy, but this is an unusual use case. Having Splunk logs available will help with troubleshooting in the future.
Have you tried https://regex101.com?
I will look at the URL provided.
The failing may be on my end (not a programmer in the slightest)
Agreed the host logs may be useful (at sometime) for the moment I need to band-aid a poor install
Many issues - example - data regularly exceeds the 100000 per second limit...
Regardless -
Blacklist = \.(?:log)$ ( this was to blacklist all logs being ingested from splunkd source
I agree with you statement- this however is a "burning building" that i inherited.
i would personally fast fail and start the process over.
The server was stood-up with no planning- targeting hosts that I do not have access to .
So have to accomplish data shaping by blocking data as it is ingested .