The action of limiting a set of events, or fields within events, by applying criteria to them.
- In the context of searching, you can construct searches that filter search results to remove events or fields.
Certain configuration files, such as
serverclass.conf, provide attributes that you can use to define whitelist and blacklist filtering rules.
For more information
In the Search Manual:
In Forwarding Data:
In Updating Splunk Enterprise Instances:
In Getting Data In: