How can I get this in a regex that I can use in Splunk?
/[^aA-zZ].[0-9].log
I need to create an alert that looks at /home///log/*** and picks up only what matches the above string.
How can I put that in a search in Splunk?
Try this:
source=/home///log/*| rex field=source "(?P[^aA-zZ].[0-9].log)"
Regardless, the command you need is the rex field=fieldname"regex_goes_here" part to get the regex working within the search.
https://docs.splunk.com/Documentation/Splunk/7.2.3/SearchReference/Rex
