I have Splunk Add-on for AWS version 4.6.1 installed on a standalone search head that is running on Splunk Enterprise version 7.3.3, and running on CentOS 7.
I have a S3 bucket named, backups.
and under backups, I have two sub folders,
I only want to ingest files from server_test1, but I am ingesting files from the both folders.
Could you tell me what I am not doing right?
here is the inputs.conf
[aws_s3://server_test]aws_account = aws-instancesbucket_name = backupscharacter_set = autoct_blacklist = ^$host_name = s3.amazonaws.comindex = test_indexinitial_scan_datetime = 2021-03-29T15:00:15Zmax_items = 100000max_retries = 3polling_interval = 1800recursion_depth = -1sourcetype = aws:s3disabled = 0log_partitions = server_test1/