I have a monitor that that isn't working. I turned debug on in log.cfg, and the Universal Forwarder reports no match on whitelist. The following has been tried:

[monitor://E:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\LogFiles] 
disabled = false 
index = app_ops_prod 
whitelist=ReportServerService*.log 
sourcetype = mssql:ilink:rptsvrsvc 
ignoreOlderThan = 3d 

OR

[monitor://E:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\LogFiles\ReportServerService*.log] 
disabled = false 
index = app_ops_prod 
sourcetype = mssql:ilink:rptsvrsvc 
ignoreOlderThan = 3d 

Splunkd.log says that is matches and then skips. As noted above, I tried 2 configurations.

04-07-2016 17:34:20.348 +0000 DEBUG TailingProcessor - Item '' matches stanza: /E:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\LogFiles. 
04-07-2016 17:34:20.348 +0000 DEBUG TailingProcessor - Not using stanza for this item (File did not match whitelist 'ReportServerService*.log'.). 

The file is E:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\LogFiles\ReportServerService__test.log. The host is Windows Server 2012 r2, and the UF is at verison 6.2.6.