Hi
How to extract the Destination-IP = 11.12.13.14 from the below Raw data
1484665774.320 9 1.2.23.33 TCP_MISS/200 2584 GET http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAcIgiY.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f... "vvfbvfdbf" DIRECT/img-s-msn-com.akamaized.net image/jpeg NONE-NONE-NONE-DefaultGroup - User-Agent = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", Destination-IP = 11.12.13.14, Threat-Reason = -
Here ya go, field is called "IP_Address"
... | rex Destination-IP\s\=\s(?<IP_Address>\d+\.\d+\.\d+\.\d+)
Here ya go, field is called "IP_Address"
... | rex Destination-IP\s\=\s(?<IP_Address>\d+\.\d+\.\d+\.\d+)
Thank you !
Did the interface omit some characters?