Seems to be an old post but for those who are looking for it.. The purpose was to read some binary logs using archive processor. This configuration worked:
props.conf:
[source::/path/to/log/directories/...log]
invalid_cause = archive
unarchive_cmd = executable_to_read_binary
sourcetype = binary_log
NO_BINARY_CHECK = true
[default]
maxDist = 500
inputs.conf:
[monitor:///path/to/log/directories]
sourcetype = binary_log
not sure sourcetype is mandatory to get this working. I was able to use invalid_cause under source::. Actually this is the only way it works for me.
... View more