Hey All,
Trying to setup TCP source to onboard our vendor saas logs in to our onprem splunk. With Cribl can we do IP whitelisting for the TCP source and allow only certain IPs instead of opening it up to public. My setup is onprem so want to see if there are possibilities available in the cribl side.
In Sources > TCP, under Configure > Advanced Settings, there is a section "IP Allowlist Regex".
https://docs.cribl.io/stream/sources-tcp-raw/#advanced-settings
IP allowlist regex: Regex matching IP addresses that are allowed to establish a connection. Defaults to .* (i.e,. all IPs).
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.