File Source with Windows file paths

Example
```yaml
sources:
  windows_logs:
    type: file
    include:
      - 'C:\Program Files\Application\logs\app.log'
      - 'C:\Windows\Logs\*.log'
      - 'D:\Data\logs\*\*.log'
      - 'D:\Data\logs\*\*\*.log'
      - 'D:\Data\logs\*\*\*\*.log'
    exclude:
      - 'C:\Windows\Logs\archived\*.log'
    excludeExtensions:
      - bak
      - tmp
    sink: logscale_sink
sinks:
  logscale_sink:
    type: logscale
    url: https://cloud.humio.com
    token: ${LOGSCALE_TOKEN}
```

Introduction

This example shows a partial configuration file for a basic Falcon LogScale Collector file-based service, collecting log files from Windows devices.

Note

The Log Collector does not support the ** glob pattern for recursive directory matching; it treats ** as a single-level wildcard, equivalent to *.

To match files at increasing levels of subdirectory depth, use multiple explicit wildcard paths (*/*.log, */*/*.log) as shown in the example above.
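
The single-level wildcard behaviour described in the note can be modelled to check which log paths a set of include patterns leaves uncollected. This is an added example, not part of the Log Collector or its documentation: the matching logic is a simplified model built from the note (the collector's real matcher may differ in details such as case sensitivity), and the sample paths are constructed.

```python
import re

# Patterns copied from the configuration above.
INCLUDE = [
    r"C:\Program Files\Application\logs\app.log",
    r"C:\Windows\Logs\*.log",
    r"D:\Data\logs\*\*.log",
    r"D:\Data\logs\*\*\*.log",
    r"D:\Data\logs\*\*\*\*.log",
]
EXCLUDE = [r"C:\Windows\Logs\archived\*.log"]
EXCLUDE_EXTENSIONS = ["bak", "tmp"]

def glob_to_regex(pattern):
    """Model (assumption): every '*' or '**' matches inside one path segment only."""
    segments = []
    for segment in pattern.split("\\"):
        segment = re.sub(r"\*+", "*", segment)  # '**' is treated like '*'
        segments.append(r"[^\\]*".join(re.escape(p) for p in segment.split("*")))
    return re.compile(r"\\".join(segments) + r"\Z")

def is_collected(path, include=INCLUDE, exclude=EXCLUDE, exclude_ext=EXCLUDE_EXTENSIONS):
    """True if the path passes the exclusions and matches an include pattern."""
    name = path.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in exclude_ext or any(glob_to_regex(p).match(path) for p in exclude):
        return False
    return any(glob_to_regex(p).match(path) for p in include)

def coverage_gaps(paths, **kwargs):
    """Return the paths that would not be collected under this model."""
    return [p for p in paths if not is_collected(p, **kwargs)]

# Constructed sample paths (not from a real host).
SAMPLE_PATHS = [
    r"C:\Windows\Logs\setup.log",
    r"C:\Windows\Logs\archived\setup.log",
    r"D:\Data\logs\access.log",                  # depth 0: no subdirectory
    r"D:\Data\logs\web\access.log",              # depth 1
    r"D:\Data\logs\web\2024\01\access.log",      # depth 3
    r"D:\Data\logs\web\2024\01\15\access.log",   # depth 4
    r"D:\Data\logs\web\access.log.bak",
]

if __name__ == "__main__":
    for p in coverage_gaps(SAMPLE_PATHS):
        print("not collected:", p)
```

In this model, files sitting directly in D:\Data\logs and files four directories below it both fall outside the include patterns, so each additional depth that holds logs needs its own explicit pattern.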

Step-by-Step
  1.
    ```yaml
    sources:
      windows_logs:
        type: file
        include:
          - 'C:\Program Files\Application\logs\app.log'
          - 'C:\Windows\Logs\*.log'
          - 'D:\Data\logs\*\*.log'
          - 'D:\Data\logs\*\*\*.log'
          - 'D:\Data\logs\*\*\*\*.log'
        exclude:
          - 'C:\Windows\Logs\archived\*.log'
        excludeExtensions:
          - bak
          - tmp
        sink: logscale_sink
    ```

    This fragment defines how to correctly specify Windows file paths and extensions when including, or excluding, log files.

  2.
    ```yaml
    sinks:
      logscale_sink:
        type: logscale
        url: https://cloud.humio.com
        token: ${LOGSCALE_TOKEN}
    ```

    This fragment configures a logscale sink, which defines where the collected log data is sent.

  3. Event Result set.

Summary and Results

This example demonstrates a partial configuration for collecting and processing Windows logs using file-based sources.