×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Tinza
Loves-to-Learn
Member since: ‎03-09-2023
‎11-02-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-09-2023
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to Blacklist a Forwarder

by in Getting Data In
‎03-22-2023 07:55 AM
‎03-22-2023 07:55 AM
Hi @kristian_kolb, If I create this in a specific app called e.g twistlock_parsing to remove events coming from host 127.0.0.1 only within a specific index e.g azure_twistlock - will this drop all events across all indexes containing that ip? I only want that IP address dropped in index azure_twistlock. I have already tried the solution from this page: https://community.splunk.com/t5/Getting-Data-In/How-to-blacklist-a-host-hosts-is-sending-logs-to-Splunk-via-TCP/m-p/289283 and it didn't work ... View more

Re: Blacklist a host (hosts is sending logs to Spl...

by in Getting Data In
‎03-09-2023 07:33 AM
‎03-09-2023 07:33 AM
Hi @mayurr98, I have done this, edited the transforms.conf and props.conf to exclude events coming from host 127.0.0.1 on heavy forwarders, restarted splunkd and it did not work. Any help? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-02-2023 01:42 PM