To recursively search as the example states: /foo/** expands to /foo, /foo/*, /foo/*/*, and so on, but it did not work for me. I am guessing i have the syntax incorrect. I have used this in the past as apps/log/**/*.log ... that worked for me, but i only need the catalina.out logs in the example.
You should see how filebeat is expanding your path, I've tested on my side with the following structure:
ph@sashimi /tmp/logs tree
.
└── var
├── p
│ └── c
│ └── d
│ ├── dont.log
│ ├── e
│ │ ├── dont.log
│ │ └── findme.log
│ └── findme.log
├── pa
│ └── d
│ └── e
│ └── findme.log
└── pxx
└── d
With Filebeat configured with the following path /tmp/logs/var/**/findme.log, It will find all the files matching this glob pattern.
2018-01-31T14:52:21.429-0500 DEBUG [prospector] log/prospector.go:361 Check file for harvesting: /tmp/logs/var/p/c/d/findme.log
2018-01-31T14:52:21.429-0500 DEBUG [prospector] log/prospector.go:434 Start harvester for new file: /tmp/logs/var/p/c/d/findme.log
2018-01-31T14:52:21.429-0500 DEBUG [prospector] log/prospector.go:361 Check file for harvesting: /tmp/logs/var/pa/d/e/findme.log
2018-01-31T14:52:21.429-0500 DEBUG [prospector] log/prospector.go:434 Start harvester for new file: /tmp/logs/var/pa/d/e/findme.log
2018-01-31T14:52:21.429-0500 INFO log/harvester.go:216 Harvester started for file: /tmp/logs/var/p/c/d/findme.log
2018-01-31T14:52:21.429-0500 DEBUG [prospector] log/prospector.go:361 Check file for harvesting: /tmp/logs/var/p/c/d/e/findme.log
2018-01-31T14:52:21.429-0500 DEBUG [prospector] log/prospector.go:434 Start harvester for new file: /tmp/logs/var/p/c/d/e/findme.log
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.