Is that the same steps for Splunk Cloud as it is for Splunk Enterprise? I'm looking at some CloudFront logs being ingested through an s3 bucket input into a Cloud instance. I found some notes at https://answers.splunk.com/answers/149597/im-struggling-with-how-i-should-be-doing-inputs-and-also-props-transforms-etc-stuff-within-splunk-cloud.html that might apply, but I've also found notes saying it's impossible to anonymize this data after indexing. Do I need to be transforming it with a sed script before even having Splunk Cloud in the picture, or is there a configuration i'm missing (field transform?)? ... View more