I have a issue blacklisting a specific file "voipcall_wcas1.cdr.2016-10-12-17" the filename changes everyday as it follows the dates. It does not really have an extension. This part of the file name does not change "voipcall_wcas1.cdr."
Can somebody help me.
Thank you
Edit the inputs.conf for the app you're working in, (SPLUNK-HOME/etc/apps/search/local/inputs.conf would be the path for the default search app)
Now to ignore the voipcall_wcas1.cdr files, you simply add a blacklist to the same input.conf,
[monitor:///directory/directory2/]
disabled = false
index = main
_blacklist = voipcall_wcas1.cdr*
As long as you don't want ANY of the "voipcall_wcas1.cdr." files you could just add "voipcall_wcas1.cdr.*" to the blacklist.
Apparently, I cant submit this as an answer because I have less than 40 rep points.