Simply configuration

Question

Simply configuration

Opened this issue 6 years ago · 1 comments

Minimally now that I have

        "file_glob": "/bro/logs/*/notice.*gz",
        "recent_file_glob": "/bro/logs/%Y-%m-%d/notice.*gz",

Currently if recent_file_glob is missing, it can just default to file_glob. However, if only recent_file_glob is present, one could just convert the %X to * giving /bro/logs/*-*-*/notice.*gz which would also work in place of file_glob, so both are probably not needed.

Answer 1 · 2018-03-28T01:48:57.000Z

Another idea is to replace


YYYY => (?P<year>\\d\\d\\d\\d)
MM => (?P<month>\\d\\d)
DD => (?P<day>\\d\\d)
HH => (?P<hour>\\d\\d)
MM => (?P<minute>\\d\\d)

which would simplify some of the regexes to stuff like

"filename_to_time_regex": "nfcapd.YYYYMMDDHHMM",

instead of what is there now.