×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jarelloy
Engager
Member since: ‎11-30-2025
‎12-04-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-30-2025
View All

Re: Whitelist specific pod in namespace for Heavy ...

by in Splunk Enterprise
‎12-04-2025 05:32 PM
‎12-04-2025 05:32 PM
thanks so much for help!  ... View more

Whitelist specific pod in namespace for Heavy Forw...

by in Splunk Enterprise
‎11-30-2025 07:03 PM
‎11-30-2025 07:03 PM
I have a namespace, hammy, in k8s with several pods deployed. Out of all the pods, i'd only want the pods with the name "blausy" to be ingested into the Heavy Forwarder. The rest of the logs in other pods should be dropped. How should i do it? Thanks! The log's source is something like source = /var/log/pods/hammy_blausy-api-<uuid>   Inside my props.conf, this is my configuration [source::/var/log/pods/hammy_*] TRANSFORMS-routing = whitelist_blausy_logs, drop_all_logs   transform.conf [whitelist_blausy_logs] SOURCE_KEY = MetaData:Source REGEX = blausy-* DEST_KEY = queue FORMAT = indexQueue [drop_all_logs] REGEX = .* DEST_KEY = queue FORMAT = nullQueue   Edit: at the moment, it's either dropping all the logs in hammy namespace, or ingesting all the logs ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-04-2025 05:30 PM