We have enabled CloudTrail from AWS Organization; as a result, CloudTrail creates the bucket with the following folder structure.
When using the "Incremental S3", Splunk does not index the logs because of the "organization-id" within the path.
Is there a way I can tell Splunk to accept the "organization-id" and proceed with indexing?
Thanks in advance.