I configured the AWS S3 input data source in Splunk Cloud. After specifying the bucket, it presented a choice of paths which are only 2 levels down from the root. Our logs are stored in a location which is 3 levels down, and at 2 levels down we have our data files and logs. So specifying the 2 level folder will ingest all our data and logs which is obviously not desirable.
Is there a way to either specify the exact path from which the logs should be read, or making the configuration UI look 3 levels down?
Thanks.
Denis
Denis, there are two ways to work with S3 data "paths" not available in the dropdown for now: use of blacklists/whitelists or your modify the key_name attribute (i.e. "path") in the inputs.conf file. Also, note that S3 is unlike other filesystems where there is no "hierarchy" per se and each "path" is really a key name that identifies a file/object in your bucket.