My Fowarder App is 1.) Deployed 2.) Reloaded 3.) Phoned-in...but still no logs coming in. Here's the inputs.conf just deployed few minutes ago:
[monitor:///Some/Directory/*.logs ]
index = some_index
sourcetype = some_sourcetype
blacklist = .(gz|tar|tgz|zip|bkz|arch|etc|tmp|swp|nfs|swn)$
Is the whitespace after ..logs and before the ] our culprit? Needed confirmation.
Thanks in advance.
p.s. To those who would advice "why not just remove it and then see what happens". Yes, we will do it but our dev-ops process will not be able to pull the code into master until Monday and deploy until Tuesday next week. Thank you for understanding.
p.p.s. the directory has logs in it
↧