Has anyone else run into issues with a different logging format? When I look at my DNS logs, they don't match up with the regex expressions in transforms.conf.
We're running BlueCat, which has BIND version 9.9.5.
Thx
The issue is that BlueCat is using CEF format for the DNS logs and not the native BIND ISC format. To generate native BIND ISC format, query logging needs to be enabled and then the logs exported to Splunk.
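Added example, not part of the original thread or of any Splunk app: a quick way to check which of the two formats a DNS log line is in before relying on transforms.conf extractions written for native BIND. The BIND query-log layout in the regex is the typical BIND 9 form, taken as an assumption, and the sample lines (including the CEF vendor, product and extension keys) are constructed placeholders, not real BlueCat output.

```python
import re

# Assumed layout of a BIND 9 query-log message; a timestamp/syslog prefix may precede it.
BIND_QUERY = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<src>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)
# CEF header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
CEF_START = re.compile(r"CEF:(\d+)\|")
CEF_FIELDS = ("vendor", "product", "device_version", "signature_id", "name", "severity")

# Constructed sample lines (hypothetical hosts, vendor and extension keys).
SAMPLES = [
    "12-Oct-2023 14:02:11.123 queries: info: client 10.0.0.5#53214 "
    "(www.example.com): query: www.example.com IN A +ED (10.0.0.1)",
    "Oct 12 14:02:11 dns1 CEF:0|ExampleVendor|ExampleDNS|1.0|100|DNS query|1|"
    "src=10.0.0.5 spt=53214 msg=www.example.com",
]


def parse_cef(line):
    """Return the CEF header fields and raw extension, or None if not CEF."""
    m = CEF_START.search(line)
    if not m:
        return None
    # Header pipes may be escaped as \| ; the extension is kept as one string.
    parts = re.split(r"(?<!\\)\|", line[m.end():], maxsplit=6)
    if len(parts) < 6:
        return None
    event = dict(zip(CEF_FIELDS, parts[:6]))
    event["cef_version"] = m.group(1)
    event["extension"] = parts[6] if len(parts) > 6 else ""
    return event


def classify(line):
    """Return (format_name, fields) for one log line."""
    cef = parse_cef(line)
    if cef:
        return "cef", cef
    m = BIND_QUERY.search(line)
    if m:
        return "bind_query", m.groupdict()
    return "unknown", {}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

Running a handful of raw events through `classify` shows at a glance whether the sourcetype is receiving CEF or native BIND lines, which is what decides whether BIND-oriented regexes can ever match.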
If you provide more information, like an example of the data and the regex you're using, you will likely get an answer.