How to whitelist a pattern of a file in multiple f... - Splunk Community

All Apps and Add-ons

I have s3 bucket containing folders of format i-0XXXXXXXXX .
each of these folders has a log file of this pattern XXXqueriesXXX.gz.
My key prefix (The path to the i-0XXXXXX folders) looks something like this resources/logs/e-muretrsd/.

Basically, I am looking to pull logs from locations satisfying this pattern resources/logs/e-mustt/i-XXXXXXX/XXXXXXqueriesXXXXX.gz

How can I achieve this in the splunk aws addon

Hi,

Please refer below link:
https://docs.splunk.com/Documentation/AddOns/released/AWS/S3
https://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Inputsconf

Also in inputs.conf use whitelist parameter using regex something like this:

[input_stanza]
..
whitelist = resources\/logs\/e-mustt\/i\-.+?/.+queries.+\.gz$

so if I use i-.+? we get the all the folders starting with i-XXXX in the directory?

I know this old post but were able to get this solved? I'm having the same issue but not finding much in the way of documentation S3 key prefix.

Likewise suffering a lack of documentation on the use of the AWS configuration settings.

Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members! The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...