BIND log format Splunk regex

[Bob Harold]

I am told from my Splunk experts that the vendor supplied Splunk app for
isc-bind matches the BIND 9.8 version used in RHEL6, but not the BIND 9.11
version using in RHEL7.  I have a mix now.  Does anyone have a REGEX for
9.11, or better yet, a regex that matches both formats?

-- 
Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200526/31287d9d/attachment.htm>