^\S+ \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d+Z \S+ (?<query>\S+) (?<record_type>\S+) (?<reply_code>\S+) (?<transport>\w+) (?<dest>\S+) (?<src>\S+) (?<vendor_edns_client_subnet>\S+)
Created February 16, 2021 09:09
Regex to parse AWS Route53 DNS logging in Splunk via CloudWatch logs
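
The pattern above applied to constructed Route 53 query-log lines, as an added example that is not part of the gist. The helper names `parseRoute53` and `summarize`, the zone ID placeholder and the sample events are assumptions; in the Route 53 log format `dest` is the edge location and `src` the resolver IP.

```javascript
// Added example, not part of the gist. The pattern is copied verbatim from the page;
// JavaScript accepts the same (?<name>...) named-group syntax as Splunk's PCRE.
const ROUTE53_RE = /^\S+ \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d+Z \S+ (?<query>\S+) (?<record_type>\S+) (?<reply_code>\S+) (?<transport>\w+) (?<dest>\S+) (?<src>\S+) (?<vendor_edns_client_subnet>\S+)/;

// Constructed sample events (documentation IP ranges, placeholder zone ID).
const SAMPLE = [
  "1.0 2021-02-16T08:09:10Z ZPLACEHOLDER www.example.com A NOERROR UDP FRA6 192.0.2.10 -",
  "1.0 2021-02-16T08:09:11Z ZPLACEHOLDER nohost.example.com AAAA NXDOMAIN TCP IAD12 198.51.100.7 203.0.113.0/24",
  "1.0 2021-02-16T08:09:12Z ZPLACEHOLDER x1.example.com A NXDOMAIN UDP FRA6 198.51.100.7 -",
  // Fractional seconds: \d+Z in the pattern does not accept ".345", so no fields are extracted.
  "1.0 2021-02-16T08:09:13.345Z ZPLACEHOLDER www.example.com A NOERROR UDP FRA6 192.0.2.10 -",
];

// Returns the named fields for one event, or null when the pattern does not match.
function parseRoute53(line) {
  const m = ROUTE53_RE.exec(line);
  return m ? { ...m.groups } : null;
}

// Parses a batch, keeps unmatched lines visible instead of dropping them silently,
// and counts NXDOMAIN replies per resolver address (src).
function summarize(lines) {
  const out = { parsed: [], unparsed: [], nxdomainBySrc: {} };
  for (const line of lines) {
    const fields = parseRoute53(line);
    if (!fields) {
      out.unparsed.push(line);
      continue;
    }
    out.parsed.push(fields);
    if (fields.reply_code === "NXDOMAIN") {
      out.nxdomainBySrc[fields.src] = (out.nxdomainBySrc[fields.src] || 0) + 1;
    }
  }
  return out;
}

const report = summarize(SAMPLE);
console.log(`${report.parsed.length} parsed, ${report.unparsed.length} unparsed`);
console.log(report.nxdomainBySrc);
```

Tracking the unparsed count alongside the extracted fields shows when events reach the index without any of the named fields populated.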