Does the LogFilter agent have a FAQ?
There is a LogFilter FAQ - see the list of available solutions below:
General LogFilter Information
The LogFilter agent is only created as a topology when data is actually collected by the agent.
Therefore, you will not be able to add the agent instance to any rule until after the data has been collected.
To test the LogFilter agent (to ensure data is collected), you will have to echo lines into a test file to capture the matched string.
You cannot open the file and edit it (this ruins the marker the agent keeps for the file).
When the target log file name is first reviewed by the agent, it does not review the contents of that file, but puts a 'marker' at the end.
You will have to append new lines to the target log file for them to be matched against the match list you created.
Q: Just curious, how does the agent find, know or define the "latest file" that matches the file pattern?
A: All files matching the file name (or regex) are sorted by file timestamp.
Q: Is it all based on the marker?
Q: Also, is the marker directly inserted into the log file, meaning that it will actually write to and edit the log files?
A: No edit/write to any user log files. The agent remembers the position in memory as a variable.
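A minimal model of the marker behaviour described in this FAQ, added here as an illustration; it is not the LogFilter agent's code. The class name `OffsetFollower`, the file names and the log lines are constructed, and the stale-marker case after an in-place rewrite is an assumption about one way an edit can invalidate a remembered position.

```python
import glob, os, re, tempfile

class OffsetFollower:
    """Toy model of a marker-based log follower (hypothetical, not agent code)."""

    def __init__(self, file_pattern, match_list):
        self.file_pattern = file_pattern
        self.matchers = [re.compile(m) for m in match_list]
        self.markers = {}  # path -> byte offset; memory only, log never written

    def latest_file(self):
        # All files matching the pattern, newest modification time wins.
        files = glob.glob(self.file_pattern)
        return max(files, key=os.path.getmtime) if files else None

    def poll(self):
        path = self.latest_file()
        if path is None:
            return []
        if path not in self.markers:
            # First review: skip existing content, put the marker at the end.
            self.markers[path] = os.path.getsize(path)
            return []
        with open(path, "rb") as fh:  # read-only access to the log
            fh.seek(self.markers[path])
            data = fh.read()
        self.markers[path] += len(data)
        lines = data.decode("utf-8", "replace").splitlines()
        return [l for l in lines if any(m.search(l) for m in self.matchers)]

def demo():
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "app.log")  # constructed sample file
        with open(log, "w") as fh:
            fh.write("ERROR written before the first poll\n")
        follower = OffsetFollower(os.path.join(d, "*.log"), [r"ERROR"])
        first = follower.poll()  # marker set, old ERROR line not reported
        with open(log, "a") as fh:  # same effect as: echo "..." >> app.log
            fh.write("INFO heartbeat\nERROR constructed test line\n")
        second = follower.poll()
        with open(log, "w") as fh:  # in-place rewrite, as an editor save might do
            fh.write("ERROR edited in place\n")
        third = follower.poll()  # assumed failure: marker is past the new end
        return first, second, third

if __name__ == "__main__":
    print(demo())
```

Only the appended `ERROR` line is reported; the line present before the first poll and the line written by the in-place rewrite are both missed.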