File Source | Falcon LogScale Collector 1.2.0-1.2.1 | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

IMPORTANT: This manual will be archived after 15th December 2025. The manual will be available in a downloadable format and will continue to be updated, but not included as part of the active, searchable, documentation.

File Source

Table: File source

Parameter	Type	Required	Default Value	Description
`exclude`	array of strings	optional^[a]		Specify the file extensions to exclude when collecting data. Some file extensions are automatically ignored even if they match an include pattern: `xz`, `tgz`, `z`, `zip`, `7z`.Note, to include all formats set `excludeExtensions` to an empty array. This will have the effect that files will not be decompressed before ingest.
`excludeExtensions`	array of strings	optional^[a]	`['xz', 'tgz', 'z', 'zip', '7z']`	Specify the file extensions to exclude when collecting data. Some file extensions are automatically ignored even if they match an included pattern: `xz`, `tgz`, `z`, `zip`, `7z`.Note, to include all formats set `excludeExtensions` to an empty array. This will have the effect that files will not be decompressed before ingest.
`inactivityTimeout`	integer	optional^[a]	`60`	Specify the period of inactivity in seconds for a file being monitored before the file descriptor is closed to release system resource. Whenever the file changes, it is re-opened and the timeout restarted.
`include`	array of strings	required		Specify the file paths to exclude when collecting data. This field supports environment variable expansions. To use an environment variable, reference it using the syntax `${VAR}`, where VAR is the name of the variable. The {}-braces may be omitted, however in that case the variable name can only contain: [a-z], [A-Z], [0-9] and "_".
`multiLineBeginsWith`	string	optional^[a]		The file input can join consecutive lines together to create multiline events by using a regular expression. It can be configured to use a pattern to look for the beginning or the continuation of multiline events. Example all multiline events beginning with a date, e.g. `2022` you would use: yaml `multiLineBeginsWith: ^20\d{2}-` in this case every line that doesn't match the pattern, gets appended to the latest line that did.
`multiLineContinuesWith`	string	optional^[a]		The file input can join consecutive lines together to create multiline events by using a regular expression. It can be configured to use a pattern to look for the beginning or the continuation of multiline events. Lines that start with whitespace are continuations of the previous line. For example, to concatenate lines indented by whitespace (instead of starting at column 0): yaml `multiLineContinuesWith: ^\s+` In this case every line that matches the pattern, gets appended to the latest line that didn't.
`parser`	string	optional^[a]		Specify the parser within LogScale to use to parse the logs, if you install the parser through a package you must specify the type and name as displayed on the parsers page for example linux/system-logs:linux/system-logs. If a parser is assigned to the ingest token being used this parser will be ignored.
`sink`	string	required		Name of the configured sink that which will receive the collected events.
`transforms`	transform	optional^[a]		Specify transforms to use for this source (optional), see All Sources: How to Use Transforms for information on how to use transforms.
`type`	file	required		The sources block configures the sources of data that the log collector will send to Falcon LogScale.
^[a]Optional parameters use their default value unless explicitly set.

Enter search term