Skip to main content
Sumo Logic

Amazon Path Expressions


  • The S3 bucket name is not part of the path, so don’t include the bucket name when you are setting the Path Expression. They are separate entities.
  • Amazon path expressions DO NOT use a leading forward slash. To collect all logs at a hierarchical level, use some portion of the source path and a single asterisk as a wildcard. You can use only one wildcard in the path expression.

For example, using /name/* for the path expression would result in no file objects being found, due to the leading forward slash. Instead, use name/*.

In another example, AWS CloudTrail logging generates a new folder every day that looks like this:


To gather all logs under the CloudTrail level, use the file path CloudTrail/*, which will collect files such as:




Another example would be to collect only the objects found in the 2014 path matching .json.gz. To do so, use the file path


Updating Path Expressions

You can update a Path Expression at any time. However, if you change a Path Expression, only new logs will be collected; any logs that existed before the change will not be re-ingested.