Solved: Blacklist inputs.conf is not working..

jay_s · ‎01-25-2021

Greetings!

I am dealing with following directory structure;

var/log/myfolder/log-type_a.log
var/log/myfolder/log-type_b.log
var/log/myfolder/log-type_b1.log
var/log/myfolder/log-type_b2.log
var/log/myfolder/log-type_c.log

I want block log-type_b.log,log-type_b1.log, log-type_b2.log

My inputs.conf

[default]
index = my_default_index
[blacklist:/var/log/myfolder/log-type_b*]

I have tried different variations for blacklist

[blacklist:///var/log/myfolder/log-type_b*]

The above blacklist stanza is not working. Please let me know what am I missing.

jay_s · ‎01-25-2021

after trying few options
[blacklist:/var/log/myfolder/log-type_b]

seems to be working

View solution in original post

ericjorgensenjr · ‎01-25-2021

Try this.

inputs.conf:

[monitor:///var/log/myfolder/]
index = my_default_index
blacklist = log-type_b

jay_s · ‎01-25-2021

after trying few options
[blacklist:/var/log/myfolder/log-type_b]

seems to be working

Blacklist inputs.conf is not working..

blacklist

inputs.conf

monitor

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation