I have a directory monitor setup like below:
[monitor://some/path/to/my/DATA/*]
disabled = false
host_regex = (\w+)-\w+\.log\..*$
index = this_data_index
sourcetype = some_sourcetype
The log files that I am monitoring in this directory are day-of-the-week log files (i.e. fooBar.log.mo, fooBar.log.tu, etc.). Currently, the source is being set to the default path some/path/to/my/DATA/helloWorld-text.log.mo but what I would like to do is strip off the day extension so that my source would be some/path/to/my/DATA/helloWorld-text.log regardless of which day file it loaded.
I've been looking around but have yet to find an answer that really applies to my situation. Any help would be greatly appreciated!
... View more