[source::...incident_intelligence_modalert.log*]
sourcetype = splunkincidentintelligenceapp:log