I have configured an app being pushed from deployment server to a remote Windows host to read DAT files.
Links already referenced:
The configuration looks like this :
[source::....(dat)] sourcetype = mysourcetype
[default] index = app sourcetype = mysourcetype [monitor://D:\folder\folder\Server34\encyc\status\*\*] [monitor://C:\Anupama\status\...\...] [monitor://C:\folder\status\*\*] [monitor://C:\folder\status\*.dat]
It is weird that all the files in the folder getting read, except for the required DAT files.
Can someone help with the best configurations, please ?
I'd recommend reading here for best practices on monitor and wildcards :
Your monitors should look more like
[monitor://path*/*.dat] sourcetype = mysourcetype
As for the source statement, this would re-sourcetype all dat files, however, Im not sure if your syntax is correct on this. Typically it should look more like
Notice the 4 x "...." + ".dat". Your's doesnt have this, so Im not sure if its going to match correctly.
Out of curiosity, does your ".dat" contain ascii or binary data? Without pre-processing this into ascii / human readable format, it wont be worth indexing.