I have several virtual hosts under /opt/log/
/opt/log/webA
/opt/log/webB
/opt/log/webC
They all have denied.log that I need to index, would this be correct inputs.conf?
[monitor:///opt/log/www*]
sourcetype = apache
index=www
host_segment=3
whitelist = denied\.log$
This worked:
[monitor:///opt/log/*]
index=web
host_segment=3
sourcetype = apache
index=www
whitelist = access.log$