Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Can you help me come up with the regex to get the ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jtotzek
Explorer
11-06-2018
03:28 AM
Hi,
I tried many things but I still cannot get to the correct result.
my field value looks like this
http://34.223.245.254/path/user.html
http://sub.domain.com/D2-Client
https://sub.domain.ph
and in the output I just want
http://34.223.245.254
http://sub.domain.com
https://sub.domain.ph
so far it looks like this:
BASE-SEARCH | rex field="MY_FIELD_NAME" "(REGEX)" | stats values("domain")
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
11-06-2018
04:00 AM
@jtotzek,
Give this a try and see if it works,
|rex field=YOUR_FIELD_NAME "(?<domain>https?:\/\/[^\/]+)"
Happy Splunking!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ddrillic
Ultra Champion
11-15-2018
06:42 AM
You can try -
BASE-SEARCH | erex _raw url "http://34.223.245.254,http://sub.domain.com,https://sub.domain.ph"
Under Job you should see the generated regex...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
11-06-2018
04:00 AM
@jtotzek,
Give this a try and see if it works,
|rex field=YOUR_FIELD_NAME "(?<domain>https?:\/\/[^\/]+)"
Happy Splunking!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jtotzek
Explorer
11-06-2018
04:45 AM
wow, perfect! I was almost there! thanks a lot!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
11-06-2018
07:50 AM
@jtotzek, glad it worked for you. Please accepts answer to close the thread
Happy Splunking!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
11-15-2018
02:05 AM
@jtotzek, do you have any other question on this ? If not, kindly accept as answer .
Happy Splunking!
Get Updates on the Splunk Community!
Announcing Scheduled Export GA for Dashboard Studio
We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...
Extending Observability Content to Splunk Cloud
Watch Now!
In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...
