I have s3 bucket containing folders of format i-0XXXXXXXXX .
each of these folders has a log file of this pattern XXXqueriesXXX.gz.
My key prefix (The path to the i-0XXXXXX folders) looks something like this resources/logs/e-muretrsd/.
Basically, I am looking to pull logs from locations satisfying this pattern resources/logs/e-mustt/i-XXXXXXX/XXXXXXqueriesXXXXX.gz
How can I achieve this in the splunk aws addon
whitelist parameter using regex something like this:
[input_stanza] .. whitelist = resources\/logs\/e-mustt\/i\-.+?/.+queries.+\.gz$