I'm looking for a way (through a cmdline for example) to check whether my rules inside transforms.conf are correct or not ?
I've checked them with a grep of course in cmdline, but either I mis-understood the way transforms.conf works or there is an issue in the regexp (which I'd therefore like to validate).
My goal is that I don't want to send to the indexer all the lines that match one of the 4 regexp bellow.
I have I syslog VM on which I have a UF (ie: the conf bellow) and another VM : Splunk (indexer head) that receive data.
ideally I'd like to find a way to do something like: