We are running a CA UIM Project and we faced the below scenario, not currently covered by logmon probe capabilities.
Log files are generated and stored under a physical path, on a random time basis. At an exact moment of time, there are many files under this path with similar name pattern having an exact prefix and the file generation timestamp, in their filenames, e.g.:
Files under the path on an exact time moment:
ext_20180615200000 with DateModified: t0
ext_20180615202000 with DateModified: t0+
ext_20180615202200 with DateModified t0++
vis_20180615202350 with dateModified t0+++
Configuring the logmon probe, we set the files' match expression to "ext_*", to match only the relevant files that respect to the application monitored, so at the time moment of the watcher execution, 3 files are matched, as per the above example.
We are using the "updates" mode to scan ONLY the latest file (with DateModified: t0++) among all 3 matched, but all 3 files are scanned, pushing all files' QoS to the ca_uim database.
What we need to achieve the requirement in place, is the logmon probe to scan only the latest file (through DateModified value), among all files that are matched via the files' match expression.