All Apps and Add-ons

Splunk Add-on for AWS Generic S3 Input Configuration

New Member


I have Splunk Add-on for AWS version 4.6.1 installed on a standalone search head that is running on Splunk Enterprise version 7.3.3, and running on CentOS 7. 

I have a S3 bucket named, backups. 

and under backups, I have two sub folders,

  • server_test1
  • server_test2

 I only want to ingest files from server_test1, but I am ingesting files from the both folders. 

Could you tell me what I am not doing right? 

here is the inputs.conf

aws_account = aws-instances
bucket_name = backups
character_set = auto
ct_blacklist = ^$
host_name =
index = test_index
initial_scan_datetime = 2021-03-29T15:00:15Z
max_items = 100000
max_retries = 3
polling_interval = 1800
recursion_depth = -1
sourcetype = aws:s3
disabled = 0
log_partitions = server_test1/

Labels (3)
0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!