Using Wildcards in Paths
Rather than entering each file by name, using wildcards in the Source path allows you to collect all files of a certain type within one or more directories, or many files from many directories. When specifying file names (or paths) in Microsoft Windows and Unix-like operating systems, the asterisk character ("*") substitutes for any zero or more characters, and the question mark ("?") substitutes for any one character.
NOTE: Wildcards are not currently supported for Remote File Sources.
Specifying Paths to Collect from Local Sources
When using wildcards in paths for file collections:
*is a simple, non-recursive wildcard representing zero or more characters which you can use for paths and file names.
**is a recursive wildcard which can only be used with paths, not file names.
- Multiple recursive expressions within the path are not supported.
So, for example:
- /var/log/** will match all files in /var/log and all files in all child directories, recursively.
- /var/log/**/*.log will match all files whose names end in .log in /var/log and all files in all child directories, recursively.
- /home/*/.bashrc will match all .bashrc files in all user's home directories.
- /home/*/.ssh/**/*.key will match all files ending in .key in all user's .ssh directories in all user's home directories.
NOTE: The recursive wildcard (**) can be specified only once in a path statement. It can be pretty confusing to use recursive logic at more than one level like in /var/log/**/subdir/**/*.log so we allow recursive wildcards in only one position in a path.
More information can be found at Using Wildcards In Path
Using Wildcards in the Blacklist Field
The same wildcards listed above can be used to exclude unwanted files or directories in the Blacklist field. For example, you are collecting /var/log/*.log but don’t want to collect unwanted*.log, then specify /var/log/unwanted*.log in the blacklist. You can also exclude subdirectories. For example, if you are collecting /var/log/**/*.log but do not want to collect anything from /var/log/unwanted directory, specify /var/log/unwanted in the Blacklist field.
Note: Sumo Logic does not collect any compressed files via local file source so you do not need to blacklist them to exclude them.