How to exclude some events from being indexed by Splunk?
Answer / Zenia Malhotra
To exclude some events from being indexed by Splunk, you can use the drop_rm event command in a custom input configuration file or an input search. This command tells Splunk not to index specific events that match certain criteria. For example, you could drop events containing sensitive information or duplicate data.
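An added example, not part of the answer above and not taken from this page: Splunk's documented way to discard events before indexing is to route them to `nullQueue` with a `props.conf` / `transforms.conf` pair on the instance that parses the data (an indexer or heavy forwarder, not a universal forwarder). The sourcetype `app_auth_log`, the stanza names and the regexes are assumptions chosen for illustration.

```ini
# ---- props.conf ----
# Attach the filtering transforms to one sourcetype (assumed name).
# Transforms run left to right, so order matters in variant B.

# Variant A: discard only the events that match a pattern.
[app_auth_log]
TRANSFORMS-drop = drop_debug_events

# Variant B (use instead of A): keep only matching events, discard the rest.
# [app_auth_log]
# TRANSFORMS-filter = drop_everything, keep_auth_failures

# ---- transforms.conf ----
# Variant A: events whose raw text matches REGEX go to nullQueue
# and are never written to an index.
[drop_debug_events]
REGEX = \blevel=DEBUG\b
DEST_KEY = queue
FORMAT = nullQueue

# Variant B, step 1: send every event to nullQueue...
[drop_everything]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

# Variant B, step 2: ...then route the events worth keeping
# back to the normal indexing queue.
[keep_auth_failures]
REGEX = \baction=failure\b
DEST_KEY = queue
FORMAT = indexQueue
```

Events sent to `nullQueue` are discarded whole and cannot be searched later, so a filter this broad should be checked against the detections that rely on the sourcetype before it is deployed.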