Solved: how to extract an ip field and host name field fro...

umsundar2015 · ‎02-21-2016

for ex my dest field has values like ,
ukepidmng104a.uk.standardchartered.com

10.193.60.17
I need to extract like host_name =ukepidmng104a and dest_ip=10.193.60.17
Meanwhile , the field values should have null in dest_ip field rows in host_name field and null in host_name in dest_ip field values.

bshuler_splunk · ‎08-24-2016

I couldn't deduce exactly what you started with, and what you needed, but I took a stab at it. I hope this query helps you:

| makeresults | eval dest = "ukepidmng104a.uk.standardchartered.com,10.193.60.17" | rex field=dest max_match=2 "(?<dest>[^,]+)"| mvexpand dest | eval dest_ip=if(match(dest, "\d+\.\d+\.\d+\.\d+"), dest, null()) | eval host_name=if(match(dest, "\d+\.\d+\.\d+\.\d+"), null(), dest)

View solution in original post

umsundar2015 · ‎10-04-2016

thank you..

bshuler_splunk · ‎08-24-2016

I couldn't deduce exactly what you started with, and what you needed, but I took a stab at it. I hope this query helps you:

| makeresults | eval dest = "ukepidmng104a.uk.standardchartered.com,10.193.60.17" | rex field=dest max_match=2 "(?<dest>[^,]+)"| mvexpand dest | eval dest_ip=if(match(dest, "\d+\.\d+\.\d+\.\d+"), dest, null()) | eval host_name=if(match(dest, "\d+\.\d+\.\d+\.\d+"), null(), dest)

how to extract an ip field and host name field from dest field into two diff fields

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!