For CloudTrail, how would I format a query to look for the follow pattern?
Steve Litras
Posts: 12 admin
Hello. I have a basic CloudTrail bucket and would like to have the account number part of the bucket path be able to be specified in a Cribl Search.
How would I format a search query that looks for “account” 12345 if the path is as follows. …/AWSLogs/${account}/CloudTrail/…
Tagged:
0
Best Answer
-
dataset=mydataset account=12345
0
Answers
-
dataset=mydataset account=12345
0 -
That's what I figured it would be, but wasn't seeing results. I let it run for 30 seconds this time and it showed results after I cancelled the search.
0 -
oh, maybe some ui refresh issues?
0 -
It must have been, but It's working now. just taking a bit longer than I was allowing it to run. Thanks for helping confirm/sanity check for me :slightly_smiling_face:
0