Filename format

The files are stored in a directory structure that indicates the date and time the file was delivered to the archive data.

The main path follows this format:

wazuh-cloud-cold-<REGION>/<CLOUD_ID>/<CATEGORY>[/<SUBCATEGORY>]/<YEAR>/<MONTH>/<DAY>

Each file has the following name:

<CLOUD_ID>_<CATEGORY>[_<SUBCATEGORY>]_<YYYYMMDDTHHmm>_<UniqueString>.<FORMAT>

The files include the following fields:

field	Description
`<REGION>`	The region where the environment is located.
`<CLOUD_ID>`	Cloud ID of the environment.
`<CATEGORY>`	This field must be output.
`<SUBCATEGORY>`	This field is only used by the output category and contains alerts or archives files.
`<YEAR>`	The year when the file was delivered.
`<MONTH>`	The month when the file was delivered.
`<DAY>`	The day when the file was delivered.
`<YYYYMMDDTHHmm>`	Digits of the year, month, day, hour, and minute when the file was delivered. Hours are in 24-hour format and in UTC. A log file delivered at a specific time can contain records written at any point before that time.
`<UniqueString>`	The 16-character UniqueString component of the file name prevents overwriting files. It has no meaning and log processing software should ignore it.
`<FORMAT>`	It is the encoding of the file. This field is json.gz for output files, which is a JSON text file in compressed gzip format, and tar.gz for configuration files.