splunk query by source file
I have a splunk query that I'm using to pull billing data out of splunk. The query gathers the info I want. But I need to narrow it down to the month of the report by the file that was used to load the data into splunk.
Using the time picker to break the reports down by month won't work because Splunk is using the file modification time to determine the month. So the results of the reports were off by a month.
This is the query I'm using:
index=prd_aws_billing user_Engagement=12345678 ProductName="Amazon Elastic Compute Cloud" | stats sum(UnBlendedCost) by ResourceId,UsageType,user_Name
And this is the name of the file I want to pull info from:
How can I use this query to pull it's info from just that one file?