Problem:
How to filter out specific sources, sourcetypes, and hosts from displaying on my Search Summary page in Splunk?
Sample Data – https://www.devopsschool.com/tutorial/splunk/labs/sample-data/earthquake/all_month_earthquakes.csv
You can include, exclude, or filter out specific sources, sourcetypes, and hosts in a Splunk search using the following:
- Expressions within parentheses
- NOT clauses
- OR clauses
- AND clauses
Example queries
source="*"
source="all_month_earthquakes.csv"
source="all_month_earthquakes.csv" NOT source="mypc-secruity.csv"
source="mypc-secruity.csv" NOT source="all_month_earthquakes.csv"
NOT source="mypc-secruity.csv" source="all_month_earthquakes.csv"
source="all_month_earthquakes.csv" | search NOT source="mypc-secruity.csv"
source="mypc-secruity.csv" AND source="all_month_earthquakes.csv"
source="mypc-secruity.csv" OR source="all_month_earthquakes.csv"
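
The following is an added example, not part of the original post and not Splunk code: a small Python model of how the search command combines these clauses, so you can see which events each query above keeps. It assumes Splunk's documented evaluation order for the search command (parentheses, then NOT, then OR, then AND, with adjacent terms implicitly ANDed); the sample events, the `host` values and `other.log` are constructed.

```python
import re
from collections import deque

TOKEN = re.compile(r'\(|\)|\bNOT\b|\bOR\b|\bAND\b|(\w+)="([^"]*)"')
# Constructed sample events; the host values are hypothetical.
EVENTS = [{"source": "all_month_earthquakes.csv", "host": "lab1"},
          {"source": "mypc-secruity.csv", "host": "lab1"},
          {"source": "other.log", "host": "lab2"}]

def parse(query):
    """Build a predicate; binding order: parentheses > NOT > OR > AND."""
    query = re.sub(r'\|\s*search\b', ' AND ', query)  # piped search stage = further filter
    toks = deque(m.group(0) if m.group(1) is None else (m.group(1), m.group(2))
                 for m in TOKEN.finditer(query))
    toks.append(None)  # end marker, so toks[0] is always safe to inspect
    def atom():
        tok = toks.popleft()
        if tok == "(":
            inner = and_expr()
            toks.popleft()  # consume ")"
            return inner
        field, pattern = tok
        rx = re.compile(re.escape(pattern).replace(r"\*", ".*"))  # only * is a wildcard
        return lambda ev: field in ev and bool(rx.fullmatch(ev[field]))
    def not_expr():
        if toks[0] == "NOT":
            toks.popleft()
            inner = not_expr()
            return lambda ev: not inner(ev)
        return atom()
    def or_expr():
        terms = [not_expr()]
        while toks[0] == "OR":
            toks.popleft()
            terms.append(not_expr())
        return lambda ev: any(t(ev) for t in terms)
    def and_expr():
        terms = [or_expr()]
        while toks[0] not in (None, ")"):
            if toks[0] == "AND":  # explicit AND is optional between terms
                toks.popleft()
            terms.append(or_expr())
        return lambda ev: all(t(ev) for t in terms)
    return and_expr()

def run(query):
    """Return the source of every sample event the query keeps."""
    keep = parse(query)
    return [ev["source"] for ev in EVENTS if keep(ev)]
```

Because each event has exactly one `source`, `run('source="mypc-secruity.csv" AND source="all_month_earthquakes.csv"')` keeps nothing. Since OR binds before AND, `source="a" OR source="b" host="x"` filters both sources by host unless you add parentheses.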