Is there any way to use the CLI to configure the blacklist (in inputs.conf) file? The docs seem to indicate no... but I'm hopeful that I've missed something. ./splunk help edit required parameters: (For edit monitor) source path to a file or directory whose contents should be indexed by the Splunk server, and then watched for new input. The Splunk server unpacks tarfiles and compressed files. optional parameters: (For edit monitor) sourcetype source type value to set for events from the source index a local Splunk index to place events from the source hostname host name to set as the host value hostregex regular expression of file path to set as the host value hostsegmentnum number of segments in the file path to set as the host value follow-only only read from the end of the file (True|False, default=False) ... View more