From b4f2620c79b1d0930e2fd10af9d3a5a8d2a44616 Mon Sep 17 00:00:00 2001
From: Ryan Faircloth <35384120+rfaircloth-splunk@users.noreply.github.com>
Date: Fri, 7 Aug 2020 14:53:02 -0400
Subject: [PATCH] [filtermod] Fix issue with cp nested syslog (#614)

---
 package/etc/conf.d/filters/checkpoint/splunk.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/etc/conf.d/filters/checkpoint/splunk.conf b/package/etc/conf.d/filters/checkpoint/splunk.conf
index 0bbb3f6..ea3ff3c 100644
--- a/package/etc/conf.d/filters/checkpoint/splunk.conf
+++ b/package/etc/conf.d/filters/checkpoint/splunk.conf
@@ -1,8 +1,8 @@
 filter f_checkpoint_splunk {
 match('\|(?:origin_sic_name|originsicname)\=[cC][nN]|\|product\=SmartConsole\|' value("MSG") type("pcre")) or
 match('\|(?:origin_sic_name|originsicname)\=[cC][nN]|\|product\=SmartConsole\|' value("LEGACY_MSGHDR") type("pcre")) or
- match('|product=Syslog|ifdir=inbound|loguid=' value("MSG") type("glob")) or
- match('|product=Syslog|ifdir=inbound|loguid=' value("LEGACY_MSGHDR") type("glob"));
+ match('\|product=Syslog\|ifdir=inbound\|loguid=' value("MSG")) or
+ match('\|product=Syslog\|ifdir=inbound\|loguid=' value("LEGACY_MSGHDR"));
 };

 filter f_checkpoint_splunk_alerts {
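Review bot: The two rewritten `match()` lines drop `type(...)` altogether while the two lines above them state `type("pcre")`, and the escaped `\|` is a literal pipe only if the default engine is a regex one, so I would state it explicitly: `match('\|product=Syslog\|ifdir=inbound\|loguid=' value("MSG") type("pcre")) or`, and the same for `LEGACY_MSGHDR`. Because the pattern is a fixed literal, `type("string") flags("substring")` with unescaped pipes would also work and removes the escaping. The diffstat shows a single file changed, so no sample of the nested-syslog message is added as a regression case; this filter decides which events are treated as Check Point, and a pinned sample would keep the match from silently breaking again. The pattern is unanchored and keyed on message content alone, so presumably any source whose payload contains this substring is classified as Check Point, which deserves a short comment above the filter if that is accepted.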