Skip to content

Instantly share code, notes, and snippets.

@jorritfolmer

jorritfolmer/gist:c421749cd1520b8e2425bd80dc7f25de

Created February 16, 2021 09:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jorritfolmer/c421749cd1520b8e2425bd80dc7f25de to your computer and use it in GitHub Desktop.
Save jorritfolmer/c421749cd1520b8e2425bd80dc7f25de to your computer and use it in GitHub Desktop.
Download ZIP
Regex to parse AWS Route53 DNS logging in Splunk via CloudWatch logs
Raw
gistfile1.md

AWS Route53 DNS logging via CloudWatch Logs

^\S+ \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d+Z \S+ (?<query>\S+) (?<record_type>\S+) (?<reply_code>\S+) (?<transport>\w+) (?<dest>\S+) (?<src>\S+) (?<vendor_edns_client_subnet>\S+)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment