I'm monitoring a Windows drive for any files ending in *.lrr and *.eve. This is because we have no control over where the files will be created. This may not be efficient but it works
I want to blacklist a folder on the drive and any sub folders so that the above files are not monitoring if they are in the blacklisted folder. The inputs.conf is
[monitor://D:\...\*.lrr]
disabled = false
whitelist =
index = au_cpe_common_app
sourcetype=LoadRunner_LRR
crcSalt = <SOURCE>
initCrcLength=1000
[monitor://D:\...\_t_rep.eve]
disabled = false
whitelist =
index = au_cpe_common_app
sourcetype=LoadRunner_EVE
crcSalt = <SOURCE>
[monitor://D:\DoNotMonitor\]
disabled = false
whitelist =
blacklist = .+
recursive = true
I would have expected the above blacklist to not monitor any files in the D:\DoNotMonitor folder recusively but it is ingesting files with source "D:\\DoNotMonitor\\donotmonitortest29042021\\_t_rep.eve"
What is the correct way to specify this? I can't find a well documented example of this specific use case