I want to write a blacklist regex in inputs.conf to ignore the latest log file based on the date compared to the current time. What would be the best way to write a regex that finds the current time/date in the format of 12102012_11:41:57, which is 12/10/2012 at 11:41:57?
I'm not so sure you could do this with a regex unless you can somehow dynamically have it constantly rewritten. Regular expressions do not take any input, so you can't "feed" a regex with the current time in that way. Even if you could, performing calculations is something you simply cannot do with regular expressions anyway. I think your time is much better spent dealing with other ways of making sure the most recent log file differs in name or location compared to the other ones. Like moving "old" ones into a separate directory, having a somewhat different filename for the one being currently written to, etc.
It does require some work, but the alternative is not to be able to solve this at all. I don't have any particular guide to refer you to - do you know some kind of script language?
As for your second question, refer to my original answer - regular expressions still cannot be used to perform that kind of calculation.
Seems like a difficult process to implement for a task like this. Could you give me an example of where I could start?
Can I use NullQueue to get rid of unwanted events, by writing a regex to compare the timestamp of the event of the file to the current time and then send it to NullQueue to prevent it from being indexed?
That is something we cannot do. We can't modify how the logs are being written or to any location, so I need to find a way to avoid the log that's still being written to, which is the latest log file. Is it possible?
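
One way to start on the scripted approach suggested in the answer, as an added example that is not part of the original thread: a Python script, run periodically, that symlinks every log except the newest into a separate directory and leaves the originals untouched. The file-name layout, the day-month-year reading of `12102012`, the directory arguments, and the idea of pointing the monitor input at the staging directory are all assumptions.

```python
import os
import re
import sys
from datetime import datetime

# Assumed file-name layout (constructed for this example): app_12102012_11:41:57.log
STAMP = re.compile(r"(\d{8}_\d{2}:\d{2}:\d{2})")

def stamp_of(name):
    """Return the datetime embedded in a file name, or None if absent or invalid."""
    m = STAMP.search(name)
    if not m:
        return None
    try:
        # Assumption: day-month-year order; use %m%d%Y if the logs put the month first.
        return datetime.strptime(m.group(1), "%d%m%Y_%H:%M:%S")
    except ValueError:
        return None

def completed_logs(src_dir):
    """Names of all timestamped files in src_dir except the newest one."""
    stamped = [(stamp_of(n), n) for n in os.listdir(src_dir)]
    stamped = sorted((s, n) for s, n in stamped if s is not None)
    return [n for _, n in stamped[:-1]]  # newest is assumed to be still written to

def stage_completed(src_dir, staging_dir):
    """Symlink completed logs into staging_dir and prune links to deleted files."""
    os.makedirs(staging_dir, exist_ok=True)
    keep = completed_logs(src_dir)
    for name in keep:
        link = os.path.join(staging_dir, name)
        if not os.path.islink(link):
            os.symlink(os.path.abspath(os.path.join(src_dir, name)), link)
    for name in os.listdir(staging_dir):
        link = os.path.join(staging_dir, name)
        # A dangling link means the source log was rotated away or deleted.
        if os.path.islink(link) and not os.path.exists(link):
            os.unlink(link)
    return keep

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script.py <log directory> <staging directory>
    for staged in stage_completed(sys.argv[1], sys.argv[2]):
        print("staged", staged)
```

Because the comparison is between file names rather than against the current time, the newest file is skipped on every run and is picked up automatically once a newer one appears.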