Monitor file on Collection Agent

The following video (4:09) illustrates the process of creating a data collector for collecting the itda.log file.The [confluence_iframe] macro is a standalone macro and it cannot be used inline. Click on this message for details.
This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.https://youtu.be/vB7StE8H-gM

To locally collect files from a host

1. Navigate to Administration > Data Collectors > Add Data Collector .
2. In the Name box, provide a unique name to identify this data collector.From the Type list, select Monitor File on Collection Agent.

3. Provide the following information, as appropriate:

   Field	Description
   Target/Collection Host
   Collection Host (Agent)	Type or select the collection host depending on whether you want to use the Collection Station or the Collection Agent to perform data collection. The collection host is the computer on which the Collection Station or the Collection Agent is located. By default, the Collection Station is already selected. You can either retain the default selection or select the Collection Agent. Note: For this type of data collector, the target host and collection host are expected to have the same values.
   Collector Inputs
   Directory Path	Specify a directory path that is an absolute path of the log file. In the path, you can specify wildcards or system environment variables. Wildcards can be used to match a partial path or include subdirectories of a file. You can use the following wildcard characters: Question mark (?)—Can be used to substitute exactly one character in the directory path. Asterisk (*)—Can be used to substitute zero or more characters in the directory path. Sequence of two asterisks (**)—Can be used to substitute a partial path or include subdirectories depending on where you place the wildcard in the path. The [expand] macro is a standalone macro and it cannot be used inline. Click on this message for details. This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.For more information, see Using wildcards in the directory path. Tip: (about specifying an environment variable) Keep in mind that after creating the environment variable on the Collection Host, you need to restart the Collection Agent (or Collection Station) to be used for creating the data collector. Without doing this, you cannot apply the environment variable and this might affect the auto-detect feature available for assigning a data pattern.
   Filename/Rollover Pattern	Specify the file name only, or specify the file name with a rollover pattern to identify subsequent logs. You can use the following wildcard characters: Asterisk (*)—Can be used to substitute zero or more characters in the file name. Question mark (?)—Can be used to substitute exactly one character in the file name. Specifying a rollover pattern can be useful to monitor rolling log files where the log files are saved with the same name but differentiated with some variable like the time stamp or a number. Specifying a wildcard can also be useful when you remember the file name only partially. Note: Ensure that you specify a rollover pattern for identifying log files that follow the same data format (which means they will be indexed with the same data pattern). See examples Scenario 1 Suppose you want to collect log files saved with succeeding numbers once they reach a certain size; for example: IAS0.log IAS1.log IAS2.log Rollover pattern: In this scenario, you can specify the rollover pattern as IAS?.log. Scenario 2 Suppose you want to collect log files that roll over every hour and are saved with the same date but a different time stamp in the YYYY-MM-DD-HH format; for example: 2013-10-01-11 .log 2013-10-01-12.log 2013-10-01-13.log Rollover pattern: In this scenario, you can specify the rollover pattern as 2013-10-01-*.log or 2013-10-01-??.log. In this scenario, if you are sure that exactly two digits at the end of timestamp are likely to change, then you can specify the ?? wildcard sequence to capture exactly two changing digits. Otherwise, specifying a single asterisk is recommended.
   Time Zone	Excerpt named time zone was not found in document xwiki:IT-Operations-Management.Operations-Management.BMC-TrueSight-IT-Data-Analytics.itda25.Administering.Managing-data-collectors.Creating-data-collectors.Upload-file.WebHome.
   Data Pattern
   Pattern	Excerpt named pattern was not found in document xwiki:IT-Operations-Management.Operations-Management.BMC-TrueSight-IT-Data-Analytics.itda25.Administering.Managing-data-collectors.Creating-data-collectors.Upload-file.WebHome.
   Date Format
   Date Locale	(Optional) You can use this setting to enable reading the date and time string based on the language selected. Note that this setting only applies to those portions of the date and time string that consist letters (digits are not considered). By default, this value is set to English. You can manually select a language to override the default locale. For a list of languages supported, see Language-information.
   File Encoding	If your data file uses a character set encoding other than UTF-8 (default), then do one of the following: Filter the relevant character set encodings that match the file. To do this, click Filter relevant charset encoding next to this field. Manually scan through the list available and select an appropriate option. Allow IT Data Analytics to use a relevant character set encoding for your file by manually select the AUTO option.
   Poll Interval (mins)	Enter a number to specify the poll interval (in minutes) for the log collection. By default, this value is set to 1.
   Start/Stop Collection	(Optional) Select this check box if you want to start the data collection immediately.

   The [expand] macro is a standalone macro and it cannot be used inline. Click on this message for details.
   This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.

   Tags

   Inherit Host Level Tags From Target Host

   (Optional) Select this check box to inherit your tag selections associated with the target host that you selected earlier. This option is not applicable if you did not select a target host. Note: After selecting this check box, you can further manually select additional user groups. When you manually select additional user groups, both the inherited permissions as well as the manually assigned permissions are applied. To remove the inherited permissions, clear this check box.

   Select Tag name and corresponding value

   (Optional) Select a tag name and specify the corresponding value by which you want to categorize the data collected. Later while searching data, you can use these tags to narrow down your search results.Example: If your are collecting data from hosts located at Houston, you can select a tag name for "Location" and in the value specify "Houston". While searching the data, you can use the tag, Location="Houston" to filter data and see results associated with the Houston location.To be able to see tag names, you need to first add them by navigating to Administration > System Settings.To specify tag names and corresponding values, in the left box select a tag name and then type the corresponding tag value in the right box. While you type the value, you might see type-ahead suggestions based on values specified in the past. If you want to use one of the suggestions, click the suggestion. Click Add to add the tag name and corresponding value to the list of added tags that follow. Click Remove Tag to remove a tag.The tags saved while creating the data collector are displayed on the Search tab, under the Filters panel, and in the Tags section.Note: At a time, you can specify only one value for a tag name. To specify multiple values for the same tag name, each time you need to select the tag name, specify the corresponding value, and click Add.For more information about tags, see Understanding-fields.

   Group Access

   Inherit Host Level Access Groups From Target Host

   (Optional) Select this check box to inherit your group access configurations associated with the target host that you selected earlier. This option is not applicable if you did not select a target host. Note: After selecting this check box, you can further manually select additional user groups. When you manually select additional user groups, both the inherited permissions as well as the manually assigned permissions are applied. To remove the inherited permissions, clear this check box.

   Select All Groups

   (Optional) Select this option if you want to select all user groups. You can also manually select multiple user groups. Notes: You can access data retrieved by this data collector based on the following conditions. If user groups are not selected and data access control is enabled: Only the creator of the data collector can access data retrieved by this data collector. If user groups are not selected and if data access control is not enabled: All users can access data retrieved by this data collector. You can restrict access permissions by selecting the relevant user groups that must be given access permissions. To enable data access control, navigate to Administration > System Settings. For more information, see Managing-user-groups-in-IT-Data-Analytics.

4. Click Create to save your changes.

Using wildcards in the directory path

A wildcard is a character that can be used to substitute one or more characters while selecting files for monitoring.

Using wildcards in the directory path can be useful in the following scenarios:

• When you want to collect specific logs from different locations on the same server.
• When you want to collect logs from the subdirectories of the specified directory.

The following table lists the wildcards that you can use while specifying directory paths: