Global IP Filters
You can use filter rules to allow or ignore network data capture based on IP address.
Define a whitelist to allow data capture from IP addresses on that list only. Define a blacklist to ignore data capture from IP addressess on the list, and allow data capture from all other IPs.
Whitelist and blacklist IP filters follow these rules:
|No||No||Captures all IPs|
|No||Yes||Captures all IPs except blacklist items|
|Yes||No||Captures only whitelist IPs|
|Yes||Yes||Captures all IPs in whitelist OR IPs not in blacklist|
Each filter entry may be a specific IP (v4 or v6) address, or a range of addresses using the following forms:
- 192.168.2.* (IPv4 octets may use * to indicate wildcard)
- 10.20.30.0/24 (IPv4 CIDR notation)
- 2001:0db8:85a3:0042:1000:8a2e:0370:7300/120 (IPv6 CIDR notation)
For more information, see Include or exclude specific incoming data.
This documentation applies to the following versions of Splunk Stream™: 6.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2