Blacklist patterns not working in inputs.conf

AnmolKohli · ‎01-16-2018

I want to blacklist below two logs from my index.

Log 1: op_fe-run_autostat*
Log 2: op_fe-run_autostat*

I tried below configurations in inputs.conf but none of them are working. Can you please check.

Pattern 1:-

blacklist1 = op_fe-run_autostat*
blacklist2 = op_fe-proteus_prod_archive_E*

pattern 2:

blacklist= (op_fe-run_autostat* | op_fe-proteus_prod_archive_E*)

Pattern 3:

blacklist1 = source="op_fe-run_autostat*"
blacklist2 = source="op_fe-proteus_prod_archive_E*"

richgalloway · ‎01-17-2018

The blacklist attribute uses regular expressions, not patterns. Try these settings.

blacklist= (op_fe-run_autostat.* | op_fe-proteus_prod_archive_E.*)

---
If this reply helps you, Karma would be appreciated.