• BIND log format Splunk regex

    From Bob Harold@rharolde@umich.edu to bind-users on Tue May 26 12:37:33 2020
    From Newsgroup: comp.protocols.dns.bind

    I am told by my Splunk experts that the vendor-supplied Splunk app for isc-bind matches the BIND 9.8 version used in RHEL6, but not the BIND 9.11 version used in RHEL7. I have a mix now. Does anyone have a REGEX for 9.11, or better yet, a regex that matches both formats?

    --
    Bob Harold
