I am trying to pick logs having job-info.*log name in common directory and job-heartbeat.*logs from heartbeat sub directory and job-error .*log from error sub directory. I used the configuration below and it is working fine. The only issue that I am facing is job-info.*log files are also getting picked up when someone places these files in other sub directories (xyz in below case). I don't want these files to pick when they are placed in any sub-directories, These should be picked only when they are placed in the common directory. Please suggest changes in the whitelist.
disabled = false
index = infra_job
whitelist = (job-info.*log|heartbeat/job-heartbeat.*log|error/job-error.*log)
files/directories under this directory (example)
error/ heartbeat/ xyz/job-info.*log ---- don't want these logs to pick job-info1.log job-info2.log job-info3.log
Thanks in advance
Why not create 3 separate monitor inputs, one for job-info, one for error and one for heartbeat?
[monitor:///abc/common/job-info.*log] disabled = false index = infra_job [monitor:///abc/common/heartbeat/job-heartbeat.*log] disabled = false index = infra_job [monitor:///abc/common/error/job-error.*log] disabled = false index = infra_job
there is a blacklist setting you could set for the job-info*.log files.
Just add the following line to your config:
This will make sure you definitely will not index files under the specified path, cuz blacklist take precedence over whitelists.
If a file matches the regexes in both the blacklist and whitelist settings,
the file is NOT monitored. Blacklists take precedence over whitelists.