[sigmac] [splunk] Unescaped . in query

[phantinuss]

Hi,

I think .s should be escaped in Splunk searches.

I create a query:

sigmac -t splunk -c tools/config/splunk-windows.yml rules/windows/process_creation/proc_creation_win_commandline_path_traversal.yml
((((ParentCommandLine="*cmd*" ParentCommandLine="*/c*" CommandLine="*/../../*")) NOT (((CommandLine="*\\Tasktop\\keycloak\\bin\\/../../jre\\bin\\java*")))))

and paste it to Splunk and start the search and the dots are removed:

When I escape the dots with \ the query seems to be functional