Hi, I wish to configure a Splunk forwarder to pick up logs from a directory that match any of the patterns below, essentially anything that matches the regex "/^(jacket.)?[^\.]*-[^\.]*(.jvm)?.log$/". I tried making the changes below to inputs.conf, but it is not working as expected. Can someone help guide me on how to debug further?
- may start with “jacket.”
- must have at least one hyphen
- must end in “.log” or “.jvm.log”
- must not have any other “.” characters
#Inputs.conf
[monitor:///base/apps/logs]
disabled = false
index = test
sourcetype = _json
whitelist = ^(jacket.)?[^\.]*-[^\.]*(.jvm)?.log$
blacklist = \.gz$
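One way to debug the whitelist offline, as an added example that is not part of the original post: run the posted pattern against constructed file names joined to the monitored directory and list where it disagrees with the four rules. It assumes that Splunk tests the whitelist against the full file path, that the monitor recurses into subdirectories, and that Python's `re` behaves like Splunk's PCRE for these constructs; `CORRECTED` is a suggested pattern, not one from the post.

```python
import re

# Whitelist exactly as posted: anchored at string start, dots unescaped.
POSTED = r"^(jacket.)?[^\.]*-[^\.]*(.jvm)?.log$"

# Suggested correction (assumption): anchor on the last path separator,
# escape the literal dots, and keep "/" out of the name segments.
CORRECTED = r"(?:^|/)(?:jacket\.)?[^./]*-[^./]*(?:\.jvm)?\.log$"

MONITOR_DIR = "/base/apps/logs"

# Constructed file names mapped to whether the rules in the post accept them.
SAMPLES = {
    "app-server.log": True,
    "jacket.app-server.log": True,
    "app-server.jvm.log": True,
    "jacket.app-server.jvm.log": True,
    "appserver.log": False,          # no hyphen
    "app-server.1.log": False,       # extra "."
    "other.app-server.log": False,   # prefix is not "jacket."
    "app-server.log.gz": False,      # does not end in .log
    "app-serverXlog": False,         # no literal "." before "log"
    "sub-dir/appserver.log": False,  # hyphen only in a directory name
}


def evaluate(pattern, names, base=MONITOR_DIR):
    """Search the pattern against the full path of each name."""
    rx = re.compile(pattern)
    return {n: bool(rx.search(f"{base}/{n}")) for n in names}


def mismatches(pattern):
    """Names where the pattern's verdict differs from the stated rules."""
    result = evaluate(pattern, SAMPLES)
    return sorted(n for n, want in SAMPLES.items() if result[n] != want)


if __name__ == "__main__":
    for label, pattern in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, "disagrees on:", mismatches(pattern) or "nothing")
```

Against full paths, the posted pattern skips the `jacket.` files because `^` pins the optional prefix to the start of the path, and it accepts names where only a directory carries the hyphen because `[^\.]*` also consumes `/`.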