From e3767f85fb185440cbf5101aa8d1eef890b2f185 Mon Sep 17 00:00:00 2001
From: Ryan Faircloth <35384120+rfaircloth-splunk@users.noreply.github.com>
Date: Tue, 23 Jun 2020 11:04:57 -0400
Subject: [PATCH] Update pps.conf (#542)

---
 package/etc/conf.d/filters/proofpoint/pps.conf | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/package/etc/conf.d/filters/proofpoint/pps.conf b/package/etc/conf.d/filters/proofpoint/pps.conf
index 6fd213c..ab5c7ba 100644
--- a/package/etc/conf.d/filters/proofpoint/pps.conf
+++ b/package/etc/conf.d/filters/proofpoint/pps.conf
@@ -3,12 +3,9 @@
 filter f_proofpoint_pps_filter {
     match("proofpoint_pps_filter", value("fields.sc4s_vendor_product") type(glob)) or
     (
-        (
         match('^(background|cvt|filter|pps)_instance\d+$' value("PROGRAM") type("pcre")) or
         match('^\/opt\/proofpoint\/pps-\d\.\d\.\d\.\d+\/\S' value("PROGRAM") type("pcre")) or
-        match('^queued-(alert|default|reinject|released)$' value("PROGRAM") type("pcre"))
-        ) and
-        match('^rprt\s' value(MESSAGE) type("pcre"))
+        match('^queued-(alert|default|digest|reinject|released)$' value("PROGRAM") type("pcre"))
     );
 };