Is there a trick to ingesting access files from AWS CloudFront via S3?
I’ve been able to connect Sumo to an S3 bucket and it is grabbing the gzip files and decompressing them. But it never sees the actual log messages. It only records the first two lines, which are just a version value and column identifiers.
I tried a few different Processing Rules, but I never did get any actual messages. I only saw the column header info and the version number in the log queries.
I am using a five-minute scan interval and not the SNS integration.
I shouldn't need any special multiline processing, as log values are on a single line.
Bucket versioning is disabled.
What else do I need to check?