I am attempting to monitor all the logs with the word access.
But exclude one particular log file.
Here is my inputs.conf
[monitor:///var/log/nginx/*access*log]
index = nginx
sourcetype = access_combined
disabled = false
blacklist = app.domain.com.access.https.log
Can I specify the log file literally?
Hi hkkenderson,
blacklist is using regex to match, therefore you should use "\." instead of just ".". Try this:
blacklist = app\.domain\.com\.access\.https\.log
This assumes you want to literally match one dot and not just anything one time.
Hope this helps ...
cheers, MuS
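The difference between the two blacklist values, shown as an added example that is not part of the original posts: it lists which files stay monitored under each pattern and which ones the unescaped version drops without warning. The sample paths are constructed, and Python's `re` and `fnmatch` are assumed stand-ins for Splunk's regex and wildcard matching, with the blacklist treated as an unanchored regex searched against the full path.

```python
import re
from fnmatch import fnmatch
from posixpath import basename

# Constructed sample paths (not from the original post).
SAMPLE_PATHS = [
    "/var/log/nginx/app.domain.com.access.https.log",
    "/var/log/nginx/app-domain.com.access.https.log",
    "/var/log/nginx/appXdomain.com.access.https.log",
    "/var/log/nginx/api.domain.com.access.https.log",
    "/var/log/nginx/app.domain.com.access.http.log",
    "/var/log/nginx/app.domain.com.error.log",
]

# File part of the monitor stanza from the question.
MONITOR_GLOB = "*access*log"

UNESCAPED = r"app.domain.com.access.https.log"       # value from the question
ESCAPED = r"app\.domain\.com\.access\.https\.log"    # value from the answer


def monitored(paths, blacklist):
    """Return paths that match the monitor glob and are not blacklisted.

    Assumption: the blacklist is an unanchored regex searched against the
    full path; Python's re module stands in for Splunk's regex engine.
    """
    rx = re.compile(blacklist)
    return [
        p for p in paths
        if fnmatch(basename(p), MONITOR_GLOB) and not rx.search(p)
    ]


def silently_dropped(paths, loose, strict):
    """Paths excluded by the loose pattern but still kept by the strict one."""
    return sorted(set(monitored(paths, strict)) - set(monitored(paths, loose)))


if __name__ == "__main__":
    for label, pattern in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        print(label, "->", monitored(SAMPLE_PATHS, pattern))
    print("dropped only by unescaped:",
          silently_dropped(SAMPLE_PATHS, UNESCAPED, ESCAPED))
```

Both patterns exclude the intended file; the unescaped one also excludes any file where another character sits in a dot's position, which leaves those logs out of the index.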