Getting Data In

How to blacklist a single source path on a universal forwarder?

Builder

I have the monitor stanza on one of my Universal Forwarders.....I tried to blacklist a particular JVM from which the logs are not required to be monitored. Any help would be appreciated on this.

inputs.conf

    [monitor:///opt/server/webservers/*/logs/access*.log]
    sourcetype=access_logs
    blacklist=\/opt\/server\/webservers\/JVM_DEV\/logs\/access*\.log
    crcSalt = <SOURCE>
    index=devint2
0 Karma
1 Solution

Builder

some how this worked for me as my logs might be in 2 different formats

/opt/server/webservers/JVM_DEV/logs/access.20160203000000.log
/opt/server/webservers/JVM_DEV/logs/access20160203000000.log

blacklist=\/opt\/server\/webservers\/JVM_DEV\/logs\/access\.?\d+\.log

View solution in original post

0 Karma

Builder

some how this worked for me as my logs might be in 2 different formats

/opt/server/webservers/JVM_DEV/logs/access.20160203000000.log
/opt/server/webservers/JVM_DEV/logs/access20160203000000.log

blacklist=\/opt\/server\/webservers\/JVM_DEV\/logs\/access\.?\d+\.log

View solution in original post

0 Karma

Ultra Champion

.? takes care of the optional dot...

0 Karma

Esteemed Legend

Like this:

    blacklist=\/opt\/server\/webservers\/JVM_DEV\/logs\/access[^\.]*\.log
0 Karma