Using cribl TCP source can we whitelist IP addresses

Dhevasenapathy R S

Hey All,

Trying to setup TCP source to onboard our vendor saas logs in to our onprem splunk. With Cribl can we do IP whitelisting for the TCP source and allow only certain IPs instead of opening it up to public. My setup is onprem so want to see if there are possibilities available in the cribl side.

Tony Reinke

In Sources > TCP, under Configure > Advanced Settings, there is a section "IP Allowlist Regex".

https://docs.cribl.io/stream/sources-tcp-raw/#advanced-settings

IP allowlist regex: Regex matching IP addresses that are allowed to establish a connection. Defaults to .* (i.e,. all IPs).