When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
When configuring monitor inputs with whitelists or blacklists in Splunk, the supported method of filtering the lists is Regular expression. This allows for precise and flexible pattern matching to include or exclude specific incoming data based on defined criteria.
B. Regular expression
B. Regular Expression - Page 123 - Data Admin PDF.
Correction: D wildcards is incorrect as it says wildcards only so Regular Expressions is correct.
B. Regular expression Data Admin course, page 123
B is correct
https://docs.splunk.com/Documentation/Splunk/latest/Data/Whitelistorblacklistspecificincomingdata#Include_or_exclude_specific_incoming_data is a better reference
Agreed B. Quoting the reference URL "When you define filter entries, you must use exact regular expression syntax."
D. Wildcards: clientName is a logical or tag name that can be assigned to a deployment client in deploymentclient.conf. ipAddress is the IP address of the deployment client. Can use wildcards, such as 10.1.1.* DNSname is the DNS name of the deployment client. Can use wildcards, such as *.ops.yourcompany.com hostname is the host name of deployment client. Can use wildcards, such as *.splunk.com instanceId is the instanceId of the client. This is a GUID string, for example: ffe9fe01-a4fb-425e-9f63-56cc274d7f8b.