Hi all,
What's the exact way we can use blacklist in the inputs.conf file? Below is my example, and I am not sure if I should use regex or the path directly.
[monitor://C:\Program Files\Splunk*\etc...*.conf]
disabled = false
sourcetype = Conf
blacklist://C:\Program Files\Splunk*\etc...\app.conf
this stanza is to index all the Splunk config files. But I wanted to ignore the app.conf file under the same path. And also what's the correct format to use a second blacklist for another path?
Thank you all.
The blacklist
configuration actually points to a regular expression so the following should work -
blacklist = C:\\Program Files\\Splunk.*\\etc.*\\app\.conf
@DalJeanis spoke about it at Unable to blacklist multiple patterns using "|" in inputs.conf ?
It shows there how to use multiple regular expressions using the |
sign.