BIND log format Splunk regex

Bob Harold rharolde at
Tue May 26 16:37:33 UTC 2020

I am told from my Splunk experts that the vendor supplied Splunk app for
isc-bind matches the BIND 9.8 version used in RHEL6, but not the BIND 9.11
version using in RHEL7.  I have a mix now.  Does anyone have a REGEX for
9.11, or better yet, a regex that matches both formats?

Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list