Security

How can I blacklist logs from a source?

ppanchal
Path Finder

We are monitoring logs from the below path

[monitor:///opt/IBMHTTPD85/IHS/.../*]

I want to blacklist all logs from source,

source="/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log"

How can I achieve this in the inputs.conf file?

Tags (1)
0 Karma

dineshraj9
Builder

Add -

blacklist = (^/opt/IBMHTTPD85/IHS/logsPRD2/wm_ssl_access_log$)
0 Karma

ppanchal
Path Finder

Can I directly write the path instead of using regular expressions under blacklist?

0 Karma

ppanchal
Path Finder

This did not work, I am still seeing the logs from the source.

Any other suggestions?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...