I have a directory monitor setup like below:
[monitor://some/path/to/my/DATA/*]
disabled = false
host_regex = (\w+)-\w+\.log\..*$
index = this_data_index
sourcetype = some_sourcetype
The log files that I am monitoring in this directory are day-of-the-week log files (i.e. fooBar.log.mo, fooBar.log.tu, etc.). Currently, the source is being set to the default path `some/path/to/my/DATA/helloWorld-text.log.mo` but what I would like to do is strip off the day extension so that my source would be `some/path/to/my/DATA/helloWorld-text.log` regardless of which day file it loaded.
I've been looking around but have yet to find an answer that really applies to my situation. Any help would be greatly appreciated!
↧