I'm trying to monitor log files within my application for the error & fatal logs, which can look like:
web-error.log
web-error.log2018-02-01
web-error.log2018-02-02
web-error.log2018-02-02
There are other types of logs in the same directory that follow a similar pattern, such as web-info.log, web-debug.log, web-warn.log. For now, I'm having issues setting up monitoring for just the web.log and all its archived logs.
My inputs.conf is set up with this:
[monitor:////wsbbat/web/dev/logs]
index=web_dev
sourcetype = log4j
source = web_errors
whitelist = web-error\.log*
crcSalt =
[monitor:////wsbbat/web/dev/logs]
index=web_dev
sourcetype = log4j
source = web_fatal
whitelist = web-fatal\.log*
crcSalt =
I've tried other whitelist patterns, such as the ones below, but none of these patterns seem to work:
whitelist = web-error\.log$|web\.log\d{4}-\d{2}-\d{2}
whitelist = web-error\.log$|web\.log\d{4}-\d{2}-\d{2}$
whitelist = web-error\.log$|web\.log[0-9-]+
whitelist = web-error\.log$|web\.log.*
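
An added example, not part of the original post: it runs the whitelist values from the question against the listed file names with Python's `re`, assuming the whitelist is applied as an unanchored regex on the full file path, and merges the two identically named `[monitor://...]` stanzas, assuming later settings override earlier ones. The `web-fatal.log` file name and the `/wsbbat/web/dev/logs` path form are assumptions.

```python
import re

# Constructed sample: file names from the post plus an assumed web-fatal.log.
LOG_DIR = "/wsbbat/web/dev/logs"
FILES = ["web-error.log", "web-error.log2018-02-01", "web-error.log2018-02-02",
         "web-fatal.log", "web-info.log", "web-debug.log", "web-warn.log"]

# The four alternative whitelist values copied from the post.
TRIED = [
    r"web-error\.log$|web\.log\d{4}-\d{2}-\d{2}",
    r"web-error\.log$|web\.log\d{4}-\d{2}-\d{2}$",
    r"web-error\.log$|web\.log[0-9-]+",
    r"web-error\.log$|web\.log.*",
]

# The two stanzas copied from the post.
INPUTS_CONF = r"""
[monitor:////wsbbat/web/dev/logs]
whitelist = web-error\.log*
source = web_errors
[monitor:////wsbbat/web/dev/logs]
whitelist = web-fatal\.log*
source = web_fatal
"""

def matched(pattern, files=FILES):
    """File names whose full path the regex matches anywhere (unanchored)."""
    rx = re.compile(pattern)
    return [f for f in files if rx.search(f"{LOG_DIR}/{f}")]

def merge_stanzas(conf_text):
    """Merge same-named stanzas; a later key overrides an earlier one (assumption)."""
    merged, current = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = merged.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return merged

if __name__ == "__main__":
    for pattern in [r"web-error\.log*", r"web-fatal\.log*"] + TRIED:
        print(f"{pattern!r:50} -> {matched(pattern)}")
    for name, settings in merge_stanzas(INPUTS_CONF).items():
        print(name, settings)
```

Under these assumptions the original `web-error\.log*` value matches the dated files, the `web\.log...` alternatives never match because no file name contains the literal `web.log`, and the two stanzas collapse into one whose whitelist is the `web-fatal` value.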