During the Splunk server restart, the error reported below is displayed and written into the _internal index - it seems to be introduced by the default configuration with which the app is provided.
Well, any help that you could give us to solve the error would be appreciated.
index=_internal eventtype="splunkd-log" log_level=ERROR
05-17-2018 19:07:52.840 +0200 ERROR SearchOperator:kv - Cannot compile RE \"[\w-\.]{1,30})\"\s*(sid=\"(?\d*)")?\s*(stype=\"(?[\w-]{1,30})\")?\" for transform 'EXTRACT-malware-info_for_fireeye': Regex: invalid range in character class