A filtering rule that includes one or more members in a set. For example, you can use whitelist rules to tell a forwarder which files to consume when monitoring directories, or you can use whitelists with the deployment server to explicitly select deployment clients.

You can combine whitelist rules with blacklist rules, which specify which members of a set to exclude, to achieve precise filtering. Blacklist rules override whitelist rules.

For more information

In Getting Data In:

In Updating Splunk Enterprise Instances: