A filtering rule that includes one or more members in a set. For example, you can use allow list rules to tell a forwarder which files to consume when monitoring directories, or you can use allow list rules with the deployment server to explicitly select a deployment client.
You can combine allow list rules with deny list rules, which specify which members of a set to exclude, to achieve precise filtering.
Deny list rules override allow list rules.
The term "allow list" replaces the term "whitelist", which is no longer in use. Both terms refer to the same functionality.
For more information
In Getting Data In:
In Updating Splunk Enterprise Instances: