Splunk Stream

Installation and Configuration Manual

Download manual as PDF

This documentation does not apply to the most recent version of StreamApp. Click here for the latest version.
Download topic as PDF

Global IP Filters

You can use whitelist and blacklist filter rules to allow or ignore network data capture based on IP address.

Define a whitelist to allow data capture from IP addresses on that list only. Define a blacklist to ignore data capture from IP addressess on the list, and allow data capture from all other IPs.

Whitelist and blacklist IP filters follow these rules:

Whitelist Blacklist Filter results
No No Captures all IPs
No Yes Captures all IPs except blacklist items
Yes No Captures only whitelist IPs
Yes Yes Captures all IPs in whitelist OR IPs not in blacklist

Each filter entry may be a specific IP (v4 or v6) address, or a range of addresses using the following forms:

  • 192.168.2.* (IPv4 octets may use * to indicate wildcard)
  • (IPv4 CIDR notation)
  • 2001:0db8:85a3:0042:1000:8a2e:0370:7300/120 (IPv6 CIDR notation)

For more information, see Whitelist or blacklist specific incoming data.

Streams Config
Distributed Forwarder Management

This documentation applies to the following versions of Splunk Stream: 6.3.0, 6.3.1, 6.3.2

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters