Splunk Stream

User Manual

Use Global IP filters

You can use filter rules to allow or ignore network data capture based on IP address.

Define a list that limits data capture to IP addresses on that list. Define a Deny that ignores data capture from IP addresses on the list and allow data capture from all other IPs.

Allow list and Deny list IP filters follow these rules:

Allow list Deny list Filter results
No No Captures all IPs
No Yes Captures all IPs except blocked items
Yes No Captures only allowed IPs
Yes Yes Captures all allowed IPs or IPs not on deny list

Each filter entry can be a specific IP (v4 or v6) address, or a range of addresses using the following forms:

  • 192.168.2.* (IPv4 octets may use * to indicate wildcard)
  • 10.20.30.0/24 (IPv4 CIDR notation)
  • 2001:0db8:85a3:0042:1000:8a2e:0370:7300/120 (IPv6 CIDR notation)

For more information, see Include or exclude specific incoming data.

Last modified on 03 March, 2022
Stream aggregation methods   Distributed Forwarder Management

This documentation applies to the following versions of Splunk Stream: 8.0.1, 8.0.2, 8.1.0, 8.1.1, 8.1.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters