Re: How to make sure files containing a particular...

nls7010 · ‎11-08-2016

This is what I have started:

[monitor:///web/apps/doms/domains/*/CrewAdminAdapter.log]
index=wlsseappslogs
blacklist = *gc*\.log$
sourcetype = CrewAdminAdapter
crcSalt=

There are logs that look like: cw_nms_msa_ms011_gc060.log I don't want any of the logs that look like this but there are other logs very similar to this that I do want but they don't contain _gc which is our garbage collection file.

How do I keep those files from coming in with my blacklisting?

ddrillic · ‎11-08-2016

As we just spoke about in the other thread at Is it possible to use regular expressions and wildcard in the monitoring stanza of inputs.conf?

inputs.conf

Says -

The syntax is of wildcard and not regex. So, blacklist = *gc*.log should work and not blacklist = *gc*\.log$

You should be abe to validate it using ls *gc*.log.

adamsaul · ‎12-07-2016

ddrillic,

The use of regular expressions within a blacklist is allowed.

The use of regular expressions within [monitor://....] is not allowed.

nls7010 · ‎11-08-2016

sorry the line is gc.log$

How to make sure files containing a particular pair of letters are properly blacklisted?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!