Global IP Filters
You can use filter rules to allow or ignore network data capture based on IP address.
Define a whitelist to allow data capture from IP addresses on that list only. Define a blacklist to ignore data capture from IP addresses on the list, and allow data capture from all other IPs.
Whitelist and blacklist IP filters follow these rules:
Whitelist | Blacklist | Filter results |
---|---|---|
No | No | Captures all IPs |
No | Yes | Captures all IPs except blacklist items |
Yes | No | Captures only whitelist IPs |
Yes | Yes | Captures all IPs in whitelist OR IPs not in blacklist |
Each filter entry may be a specific IP (v4 or v6) address, or a range of addresses using the following forms:
- 192.168.2.* (IPv4 octets may use * to indicate wildcard)
- 10.20.30.0/24 (IPv4 CIDR notation)
- 2001:0db8:85a3:0042:1000:8a2e:0370:7300/120 (IPv6 CIDR notation)
For more information, see Include or exclude specific incoming data.
This documentation applies to the following versions of Splunk Stream™: 6.4.0, 6.4.1, 6.4.2