Hi ,
I am adding here multiple monitoring stanza to filter out different log files and give them source type.
But I am seeing in indexer's search that source SystemErr.log with two different source type i.e. SystemErrs and SystemErr-Small.
Please suggest me what should i do to not do filter in two diffrent stanzas.
[monitor://E:/fflogs/SystemOut.log] sourcetype=SystemOuts
[monitor://E:/fflogs/SystemErr.log] sourcetype=SystemErrs
[monitor://E:/fflogs/] whitelist=.log$