We have a list of large lookup files that are not supposed to be included in the search bundles, as configured below, but we found they are still in the bundle.
[replicationBlacklist]
blacklist_temp_lookups = [\/\_\.\-](backups)[_\.\-\/\\]
The files look like this in the file system:
apps/DA-ESS-AccessProtection/lookups/lookup_file_backups/abc2
apps/DA-ESS-AccessProtection/lookups/lookup_file_backups/bcd1
apps/search/lookups/lookup_file_backups/abcd5
apps/DA-ESS-ThreatIntelligence/lookups/lookup_file_backups/abcd4
apps/SplunkEnterpriseSecuritySuite/lookups/lookup_file_backups/xyz10
I've checked this regex on regex101.com, and it works fine for the above.