Linux filebeat input collector for Graylog


I'm trying to configure a Graylog collector [filebeat] for Linux. The part that I'm having an issue with is the paths:

The path I want to collect logs from has many log files contained in it. I only want to collect the files that have the format (example) 20201020.catalina.out

From the command line I run this and it works on the server:

    vi /var/log/oscar/`(date +"%Y%m%d.catalina.out")`

It brings up the file with today's date.

Example of my filebeat config:

> # Needed for Graylog
> fields_under_root: true
> fields.collector_node_id: ${sidecar.nodeName}
> fields.gl2_source_collector: ${sidecar.nodeId}
>
> filebeat.inputs:
> - input_type: log
>   paths:
>     - /var/log/oscar/error-ssl.log
>     - /var/log/oscar/access-ssl.log
>     - /var/log/oscar/`(date +"%Y%m%d.catalina.out")`

When the collector is running it captures only the error-ssl.log and access-ssl.log logs.

1

There are 1 answers

1
Swisstone On

Filebeat's documentation says that "All patterns supported by Go Glob are also supported here."

And Go Glob's documentation says "the syntax of patterns is the same as in Match".

Finally, Match's documentation shows the supported pattern:

The pattern syntax is:

pattern:
    { term }
term:
    '*'         matches any sequence of non-Separator characters
    '?'         matches any single non-Separator character
    '[' [ '^' ] { character-range } ']'
                character class (must be non-empty)
    c           matches character c (c != '*', '?', '\\', '[')
    '\\' c      matches character c

character-range:
    c           matches character c (c != '\\', '-', ']')
    '\\' c      matches character c
    lo '-' hi   matches character c for lo <= c <= hi

So, you have to deal with this pattern. Something like this should work:

     - /var/log/oscar/*.catalina.out
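To check a `paths` entry before deploying it to a collector, the patterns from this thread can be run through Go's `filepath.Match` directly. This is an added example, not part of the original answer; the file list is constructed, and the eight-digit `dateGlob` pattern is an assumption of this example that narrows the match to date-prefixed files only.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Constructed sample file names, modelled on the directory in the question.
var sampleFiles = []string{
	"/var/log/oscar/error-ssl.log",
	"/var/log/oscar/access-ssl.log",
	"/var/log/oscar/20201020.catalina.out",
	"/var/log/oscar/20201021.catalina.out",
	"/var/log/oscar/old.catalina.out",
}

// Patterns to compare. dateGlob is an assumption of this example:
// eight digit character classes accept only date-prefixed files.
const (
	shellStyle = "/var/log/oscar/`(date +\"%Y%m%d.catalina.out\")`"
	starGlob   = "/var/log/oscar/*.catalina.out"
	dateGlob   = "/var/log/oscar/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].catalina.out"
)

// matching returns the files that pattern selects under the filepath.Match
// rules quoted above. No shell is involved, so the backticks and the date
// command are never evaluated; they are compared as literal characters.
func matching(pattern string, files []string) ([]string, error) {
	var out []string
	for _, f := range files {
		ok, err := filepath.Match(pattern, f)
		if err != nil {
			return nil, err // malformed pattern (filepath.ErrBadPattern)
		}
		if ok {
			out = append(out, f)
		}
	}
	return out, nil
}

func main() {
	for _, p := range []string{shellStyle, starGlob, dateGlob} {
		m, err := matching(p, sampleFiles)
		fmt.Printf("%s\n  -> %d match(es) %v err=%v\n", p, len(m), m, err)
	}
}
```

The shell-style entry produces no matches and no error, which is why the collector silently skips the catalina logs instead of reporting a bad path.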