Update lp-paloalto_panos.conf.tmpl

package/etc/conf.d/log_paths/lp-paloalto_panos.conf.tmpl

@@ -56,25 +56,25 @@ log {
 
     #set the source type based on program field and lookup index from the splunk_context csv
 
-    if (message(',\d+,THREAT')) {
+    if (message(',[0-9A-F]+,THREAT')) {
         rewrite { r_set_splunk_dest_default(sourcetype("pan:threat"), index("netproxy"))};
         parser {p_add_context_splunk(key("pan_threat")); };
-    } elif (message(',\d+,TRAFFIC')) {
+    } elif (message(',[0-9A-F]+,TRAFFIC')) {
         rewrite { r_set_splunk_dest_default(sourcetype("pan:traffic"), index("netfw"))};
         parser {p_add_context_splunk(key("pan_traffic")); };
-    } elif (message(',\d+,SYSTEM')) {
+    } elif (message(',[0-9A-F]+,SYSTEM')) {
         rewrite { r_set_splunk_dest_default(sourcetype("pan:system"), index("netops"))};
         parser {p_add_context_splunk(key("pan_system")); };
-    } elif (message(',\d+,CONFIG')) {
+    } elif (message(',[0-9A-F]+,CONFIG')) {
         rewrite { r_set_splunk_dest_default(sourcetype("pan:config"), index("netops"))};
         parser {p_add_context_splunk(key("pan_config")); };
-    } elif (message(',\d+,HIPWATCH')) {
+    } elif (message(',[0-9A-F]+,HIPWATCH')) {
         rewrite { r_set_splunk_dest_default(sourcetype("pan:hipwatch"), index("main"))};
         parser {p_add_context_splunk(key("pan_hipwatch")); };
-    } elif (message(',\d+,CORRELATION')) {
+    } elif (message(',[0-9A-F]+,CORRELATION')) {
         rewrite { r_set_splunk_dest_default(sourcetype("pan:correlation"), index("main"))};
         parser {p_add_context_splunk(key("pan_correlation")); };
-    } elif (message(',\d+,USERID')) {
+    } elif (message(',[0-9A-F]+,USERID')) {
         rewrite { r_set_splunk_dest_default(sourcetype("pan:userid"), index("netauth"))};
         parser {p_add_context_splunk(key("pan_userid")); };
     } else {