I'm working to simplify a serverclass.conf and am struggling to get regex working.
For example:
[serverClass:ConfigUnixBase_OnPrem_Denver_Lab]
whitelist.0 = (?i)dhe[li]* # denver non-prod
blacklist.0 = SPLUNK-DEPLOY*
blacklist.1 = SPLUNK-CMASTER*
blacklist.2 = SPLUNK-LICENSE*
blacklist.3 = SPLUNK-SEARCH*
blacklist.4 = SPLUNK-INDEXER*
blacklist.5 = SPLUNK-HVYFWD*
blacklist.6 = nhex* # new york prod
blacklist.7 = nhed* # new york lab/dev
blacklist.7 = nhep* # new york lab/dev
I have hosts phoning in with the names `dhelapp001` and `DHEIAPP001` and neither are matching the whitelist.
I'm reading the manual and I feel this should work from these lines:
* These patterns are PCRE regular expressions, with the following aids for
easier entry:
* You can specify simply '.' to mean '\.'
* You can specify simply '*' to mean '.*'
* Matches are always case-insensitive; you do not need to specify the '(?i)' prefix.
I've been banging at this for hours and cannot wrap my head around what regex can actually live in this value. Shouldnt `(?i)dhe[li]*` work in this case? Alternatively, I could list these out on two rows but then I have to duplicate even those to get around case-sensitivity (eg: `dhel*` will not match `DHEL*`).
↧