Hi , I am monitoring a file path , i am ingesting the logs also i am blacklisting some folders in the directory which is working and i am trying to add one more blacklisting path but its not working , what i am doing wrong here ?
[monitor://\xxxx\Logs\Prod...*.log]
blacklist = TaskAudit|webmanager|web_S*.log||enterpriseSecurity*.log|(\\SXXXXX\Logs\Prod\PlatformServices)
i wanna blacklist the last one platform services log but cant able to do it , tried to add a regex but nothing working.
Looks like you have two pipes in the middle || - not sure if Splunk will just ignore that or if it will cause issues.
blacklist = TaskAudit|webmanager|web_S*.log|enterpriseSecurity*.log|PlatformServices$
As a strategy, I rarely use whitelists or blacklists unless absolutely necessary. Usually it is more work to configure, and often results in Splunk working harder to scan the directories/files it's trying to monitor. I would first attempt to use the implicit whitelist in your monitoring stanza even if you have to create 2 or 3. It also makes it simple to test with a simple dir command on Windows or ls command on Unix in most cases.
i.e.
[monitor://\\xxxx\Logs\Prod_something_more_specific_here*.log]
Looks like you have two pipes in the middle || - not sure if Splunk will just ignore that or if it will cause issues.
blacklist = TaskAudit|webmanager|web_S*.log|enterpriseSecurity*.log|PlatformServices$
As a strategy, I rarely use whitelists or blacklists unless absolutely necessary. Usually it is more work to configure, and often results in Splunk working harder to scan the directories/files it's trying to monitor. I would first attempt to use the implicit whitelist in your monitoring stanza even if you have to create 2 or 3. It also makes it simple to test with a simple dir command on Windows or ls command on Unix in most cases.
i.e.
[monitor://\\xxxx\Logs\Prod_something_more_specific_here*.log]
yes its works thanks its because of two pipes i tried with a single pipe and got worked.
Would help if you have an actual directory listing.