Hello. I have a basic CloudTrail bucket and would like to have the account number part of the bucket path be able to be specified in a Cribl Search.
How would I format a search query that looks for “account” 12345 if the path is as follows. …/AWSLogs/${account}/CloudTrail/…
Page 1 / 1
dataset=mydataset account=12345
That's what I figured it would be, but wasn't seeing results. I let it run for 30 seconds this time and it showed results after I cancelled the search.
oh, maybe some ui refresh issues?
It must have been, but It's working now. just taking a bit longer than I was allowing it to run.Thanks for helping confirm/sanity check for me 
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.