From 5d8cedb9ac3503eef5db1a4d7c8254926988692e Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Tue, 7 Apr 2020 20:21:24 -0400
Subject: [PATCH] Fix glob for checkpoint
---
 package/etc/conf.d/filters/checkpoint/splunk.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/etc/conf.d/filters/checkpoint/splunk.conf b/package/etc/conf.d/filters/checkpoint/splunk.conf
index df1919b..cd2b8c4 100644
--- a/package/etc/conf.d/filters/checkpoint/splunk.conf
+++ b/package/etc/conf.d/filters/checkpoint/splunk.conf
@@ -1,8 +1,8 @@
 filter f_checkpoint_splunk {
 match('\|(?:origin_sic_name|originsicname)\=[cC][nN]|\|product\=SmartConsole\|' value("MSG") type("pcre")) or
 match('\|(?:origin_sic_name|originsicname)\=[cC][nN]|\|product\=SmartConsole\|' value("LEGACY_MSGHDR") type("pcre")) or
- match('|product\=Syslog\|ifdir=inbound\|loguid\=' value("MSG") type("pcre")) or
- match('|product\=Syslog\|ifdir=inbound\|loguid\=' value("LEGACY_MSGHDR") type("pcre"));
+ match('*|product=Syslog|ifdir=inbound|loguid=*' value("MSG") type("glob")) or
+ match('*|product=Syslog|ifdir=inbound|loguid=*' value("LEGACY_MSGHDR") type("glob"));
 };
 filter f_checkpoint_splunk_alerts {
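Review bot: The two added `type("glob")` lines in `f_checkpoint_splunk` sit next to two `type("pcre")` lines, and nothing records why the match type differs. The removed pattern began with an unescaped `|`, which in PCRE is an empty alternative that matches every message, so a comment above the filter such as `# product=Syslog test uses glob: a bare leading | in pcre matches everything` would keep a later edit from reintroducing the catch-all. An escaped PCRE, `match('\|product=Syslog\|ifdir=inbound\|loguid=' value("MSG") type("pcre"))`, would express the same test in the style of the first two lines. The glob also requires the three fields to be adjacent, in this order, with `ifdir=inbound`; whether the device always emits them that way is not visible here, so it is worth checking against sample events, since an event that misses this filter presumably loses its Check Point classification downstream.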