I want Splunk to have host as "scc145" and "dmzbackend", etc.
I have this in inputs.conf:
host_regex = ([^0-9./][A-Za-z0-9-]*[^.audit.log])
host_regex = /audit/files/([^0-9./][A-Za-z0-9-]*[^.audit.log])
That regex works just fine on sites like regex101.com. Splunk won't use it correctly. I've tried a ton of variations (for example approaches that don't use the caret) which work fine for regex, but Splunk won't use it.
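An added diagnostic, not part of the original post: Splunk's `host_regex` is matched against the full path of the monitored file and uses the first capture group as the host, so the sketch below runs the two posted patterns against whole paths instead of bare filenames. The file names (`<host>.audit.log`), the `SUGGESTED` pattern and the helper names are assumptions made for illustration, and Python's `re` stands in for Splunk's PCRE, which treats these constructs the same way.

```python
import re

# The two patterns from the post, unchanged.
POSTED_BARE = r"([^0-9./][A-Za-z0-9-]*[^.audit.log])"
POSTED_ANCHORED = r"/audit/files/([^0-9./][A-Za-z0-9-]*[^.audit.log])"
# Hypothetical alternative (not from the post): match the literal suffix
# ".audit.log" instead of relying on a negated character class.
SUGGESTED = r"/audit/files/([^/.]+)\.audit\.log$"

# Constructed sample paths, assuming files are named <host>.audit.log.
SAMPLE_PATHS = [
    "/audit/files/scc145.audit.log",
    "/audit/files/dmzbackend.audit.log",
]


def extract_host(pattern, path):
    """Return capture group 1 of the first match in path, or None."""
    m = re.search(pattern, path)
    return m.group(1) if m else None


def rejected_by_class():
    """[^.audit.log] is a set of single characters, not a suffix:
    it rejects any ONE of these characters."""
    return set(".audit.log")


def report():
    """One row per sample path: (path, bare, anchored, suggested)."""
    return [
        (p,
         extract_host(POSTED_BARE, p),
         extract_host(POSTED_ANCHORED, p),
         extract_host(SUGGESTED, p))
        for p in SAMPLE_PATHS
    ]


if __name__ == "__main__":
    print("characters rejected by [^.audit.log]:", sorted(rejected_by_class()))
    for path, bare, anchored, suggested in report():
        print(path)
        print("  posted (bare)     ->", repr(bare))
        print("  posted (anchored) ->", repr(anchored))
        print("  suggested         ->", repr(suggested))
```

The unanchored pattern captures `audit/` from the directory part of the path, and the anchored one truncates `dmzbackend` because its final `d` is one of the characters the negated class rejects.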