Hi.

I have a common log path in my server say logs/project1/ which has perflogs and debuglogs i.e like this Appt_Perflog_ms1,Appt_Perflog_ms2 .. ,ABC_Perflog_ms1,ABC_Debug_ms1.txt .. Now i need these logs i.e perflogs to move to perf index and debug to debug index. so for that i have used the following monitor stanza.

[monitor:///logs/project1/*_Debug_ms*.txt]
blacklist = \.(gz)$
whitelist = ABC_Debug_ms[1-4]{1}.txt$ 
disabled = false
followTail = 0
recursive = false
sourcetype = debug_log
index = debuglogs



[monitor:///logs/project1/*_Perflog_ms*.txt]
blacklist = \.(gz)$
whitelist = (Appt_Perflog_ms[1-4]{1}.txt$ | ABC_Perflog_ms[1-4]{1}.txt$ )
disabled = false
followTail = 0
recursive = false
sourcetype = perf_log
index = perflogs

but this seems to be not working ?? any clue what happened here ?? is the **_* in monitor stanza causing this issue..pls help me..