Splunk Stream

User Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Use Global IP filters

You can use filter rules to allow or ignore network data capture based on IP address.

Define a list to allow data capture from IP addresses on that list only. Define a deny list to ignore data capture from IP addresses on the list, and allow data capture from all other IPs.

Allow list and deny list IP filters follow these rules:

Allow list Deny list Filter results
No No Captures all IPs
No Yes Captures all IPs except blocked items
Yes No Captures only allowed IPs
Yes Yes Captures all allowed IPs or IPs not on deny list

Each filter entry can be a specific IP (v4 or v6) address, or a range of addresses using the following forms:

  • 192.168.2.* (IPv4 octets may use * to indicate wildcard)
  • 10.20.30.0/24 (IPv4 CIDR notation)
  • 2001:0db8:85a3:0042:1000:8a2e:0370:7300/120 (IPv6 CIDR notation)

For more information, see Include or exclude specific incoming data.

Last modified on 13 June, 2020
PREVIOUS
Stream aggregation methods
  NEXT
Distributed Forwarder Management

This documentation applies to the following versions of Splunk Stream: 7.1.2, 7.1.3, 7.2.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters