Hi
I have to monitor a specific folder in a certain directory
For example my path is
G:\opdata\my_data\motherfolder\
inside the motherfolder directory, there are sub directories which are
01 Jan 2015
02 Feb 2015
020115
030115
anotherfoldername
anotherfoldername2
I have to monitor the logs with the filenames **sunn.txt* on the directories with the format mmddyy which will match the directories 020115 and 030115
in my inputs.conf, i tried to put
[monitor://G:\opdata\my_data\motherfolder\*\*sunn.txt]
disabled = false
index = myindex
sourcetype = mysc
_TCP_ROUTING=devmay
crcSalt = <SOURCE>
but it doesnt forward anything on my indexer so i tried this one
[monitor://G:\opdata\my_data\motherfolder\...\*sunn.txt]
disabled = false
index = myindex
sourcetype = mysc
_TCP_ROUTING=devmay
crcSalt = <SOURCE>
but the problem here is all the files with sunn.txt were indexed, even files that has the *sunn.txt* in the 01 Jan 2015 and 02 Feb 2015 were indexed.
I'm thinking to use blacklist or whitelist, but I'm having trouble to use them.
Help me pls.
could you please try below
[monitor://G:\opdata\my_data\motherfolder\]
whitelist = \d+\*sunn.txt
If your query is still open, you may use below -
[monitor://G:\opdata\my_data\motherfolder\]
whitelist = \d{6}\*sunn.txt
It still doesnt work ..or does this configuration takes time before it takes effect?
did you restart UF?
yes i've done it
hi satishdange .. thanks, but it doesn't forward data to indexer .. what else do u think?