I have an S3 bucket containing folders of the format i-0XXXXXXXXX.
Each of these folders has a log file of this pattern: XXXqueriesXXX.gz.
My key prefix (the path to the i-0XXXXXX folders) looks something like this: resources/logs/e-muretrsd/.
Basically, I am looking to pull logs from locations satisfying this pattern: resources/logs/e-mustt/i-XXXXXXX/XXXXXXqueriesXXXXX.gz
How can I achieve this in the Splunk AWS add-on?
Hi,
Please refer to the links below:
https://docs.splunk.com/Documentation/AddOns/released/AWS/S3
https://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Inputsconf
Also, in inputs.conf use the whitelist parameter with a regex, something like this:
[input_stanza]
..
whitelist = resources\/logs\/e-mustt\/i\-.+?/.+queries.+\.gz$
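An added example (not part of the original answer and not Splunk's code) that checks the whitelist regex from the answer above against constructed S3 keys, assuming the add-on evaluates `whitelist` as a Python regular expression against the full key name. `STRICT` is a hypothetical tighter variant and the key names are made up; the run shows that `.+?` also crosses `/`, so objects nested deeper under an i-XXXX folder are selected too.

```python
import re

# Pattern exactly as posted in the answer above.
POSTED = r"resources\/logs\/e-mustt\/i\-.+?/.+queries.+\.gz$"

# Hypothetical tighter variant: [^/]+ keeps every wildcard inside a single
# path segment, and ^ pins the match to the start of the key.
STRICT = r"^resources/logs/e-mustt/i-[^/]+/[^/]+queries[^/]+\.gz$"

# Constructed sample keys (not real bucket contents).
SAMPLE_KEYS = [
    "resources/logs/e-mustt/i-0abc123/2018-01-01queries001.gz",   # intended target
    "resources/logs/e-mustt/i-0def456/slowqueries-a.gz",          # second instance folder
    "resources/logs/e-mustt/i-0abc123/archive/old/xqueriesy.gz",  # nested below the folder
    "resources/logs/e-mustt/i-0abc123/queries.gz",                # nothing around "queries"
    "resources/logs/e-mustt/j-0abc123/aqueriesb.gz",              # folder does not start with i-
    "resources/logs/e-mustt/i-0abc123/aqueriesb.gz.tmp",          # wrong extension
]


def selected(pattern, keys):
    """Return the keys the whitelist pattern would let through."""
    rx = re.compile(pattern)
    return [k for k in keys if rx.search(k)]


def report(keys=SAMPLE_KEYS):
    """Build one line per key showing which pattern selects it."""
    posted = set(selected(POSTED, keys))
    strict = set(selected(STRICT, keys))
    return [
        f"posted={'Y' if k in posted else 'n'} strict={'Y' if k in strict else 'n'}  {k}"
        for k in keys
    ]


if __name__ == "__main__":
    print("\n".join(report()))
```

Running the same check over a real key listing before enabling the input shows whether the whitelist collects every instance folder's log and nothing else.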
So if I use i-.+? we get all the folders starting with i-XXXX in the directory?
I know this is an old post, but were you able to get this solved? I'm having the same issue but not finding much in the way of documentation on the S3 key prefix.
Likewise suffering a lack of documentation on the use of the AWS configuration settings.