Hi,

I am new to splunk. Need some help in log filtering. I have below example log:
p 12 02:04:55 xxx,[DEFAULT_LOG] 2019-09-12 02:04:52,066 xxxxxxxxxxxxx
Sep 12 02:04:55 xxx,[AUDIT_LOG] 2019-09-12 02:04:51,309 xxxxxxxxx
Sep 12 02:04:55 xxx,[DEFAULT_LOG] 2019-09-12 02:04:51,904 xxxxxxx
p 12 02:04:55 xxx,[AUTH_LOG] 2019-09-12 02:04:52,066 xxxxxxxxxxx

I need to get only AUDIT_LOG and AUTH_LOG entry. How to write props and transforms confic file for this.

Thanks