We have 14 directories of log files which contain ~3,100 files. Each day the logs are rotated and 3,100 new files are created with wholly new filenames (eg: Job_ACCOUNTS_PAYABLE_DM_0298.log becomes Job_ACCOUNTS_PAYABLE_DM_0299.log). There might be >300 differently named files like this in each directory.
I am trying to make some order out of this when it gets indexed. The best idea I have come up with is to send each of the different directories as a different sourcetype. That helps, but not entirely .. but it is still alot of sources and I am wondering if others have found a better way?
The application produces these files this way and can not be altered, so I am hoping a good index strategy would help.
... View more