Skip to content

C
configuration
Commit 167f55d7 by Stu Young Committed by GitHub
Options

Merge pull request #4060 from edx/estute/allow-custom-blacklists-for-splunk 

allow custom blacklist rules for splunk forwarder
parents cc29846c c76898e1
Showing with 6 additions and 0 deletions
playbooks/edx-east/jenkins_testeng_master.yml
......@@ -28,6 +28,7 @@
sourcetype: build_result
followSymlink: false
crcSalt: '<SOURCE>'
blacklist: '(((\.(gz))|\d)$)|(.*seed.*)'
- source: '/var/lib/jenkins/jobs/*/builds/*/log'
index: 'testeng'
......@@ -35,6 +36,7 @@
sourcetype: build_log
followSymlink: false
crcSalt: '<SOURCE>'
blacklist: '(((\.(gz))|\d)$)|(.*seed.*)'
- source: '/var/lib/jenkins/jobs/*/builds/*/archive/test_root/log/timing.*.log'
index: 'testeng'
......
playbooks/roles/splunkforwarder/templates/opt/splunkforwarder/etc/system/local/inputs.conf.j2
......@@ -2,7 +2,11 @@
{% for loggable in SPLUNKFORWARDER_LOG_ITEMS%}
[monitor://{{ loggable.source }}]
{% if loggable.blacklist is defined %}
blacklist = {{ loggable.blacklist }}
{% else %}
blacklist = ((\.(gz))|\d)$
{% endif %}
{% if loggable.recursive | default(False) %}
{# There's a bug in which "recursive" must be unset for logs to be forwarded #}
{# See https://answers.splunk.com/answers/420901/splunk-not-matching-files-with-wildcard-in-monitor.html #}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment