Hi Splunkers,
I am trying to extract the hosts via regex.
host="*" | regex host="([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}" | dedup host | table host | sort -host
The problem is that some hosts have a name and some of them come with the full domain name.
For example:
host
xd-test-app05.abc-xz.com
xd-test-app04.abc-xz.com
xd-test-app03
xd-test-app03.abc-xz.com
xd-test-app02
xd-test-app02.abc-xz.com
xd-test-app01.abc-xz.com
xd-shared-db01.abc-xz.com
xd-qa-app08.abc-xz.com
Is there a way to add an exception to my regex?
Thanks in advance for your help.
Regards,
Mike
If they're all from the same domain:
host="*" | rex field=host "^(?<host>[^.]+)" | dedup host | table host | sort -host
A lot of the expression was lost in the formatting; now (amongst other things) the period is escaped properly.
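The rex answer above, checked offline against the host values from the question (an added example, not code from the thread). It goes one step past the answer's "same domain" condition by also reporting short names seen under more than one domain; the function names and the `other-example.test` entry are constructed for illustration.

```python
import re
from collections import defaultdict

# Python spelling of the answer's rex pattern "^(?<host>[^.]+)": everything
# before the first dot. Python names groups with (?P<name>...). The optional
# domain group is an addition here so the discarded part can be inspected.
HOST_RE = re.compile(r"^(?P<host>[^.]+)(?:\.(?P<domain>.+))?$")

# Host values as listed in the question.
PAGE_HOSTS = [
    "xd-test-app05.abc-xz.com", "xd-test-app04.abc-xz.com", "xd-test-app03",
    "xd-test-app03.abc-xz.com", "xd-test-app02", "xd-test-app02.abc-xz.com",
    "xd-test-app01.abc-xz.com", "xd-shared-db01.abc-xz.com",
    "xd-qa-app08.abc-xz.com",
]
# Constructed entry: same short name under a second domain, the case the
# answer's "if they're all from the same domain" condition rules out.
MIXED_HOSTS = PAGE_HOSTS + ["xd-test-app01.other-example.test"]


def split_host(value):
    """Return (short_name, domain or None), lower-cased; None if unparsable."""
    m = HOST_RE.match(value.strip().lower().rstrip("."))
    return (m.group("host"), m.group("domain")) if m else None


def group_hosts(values):
    """Map each short name to the set of domains it was seen with."""
    groups = defaultdict(set)
    for value in values:
        parsed = split_host(value)
        if parsed:
            groups[parsed[0]].add(parsed[1])  # None marks a bare short name
    return dict(groups)


def short_names(values):
    """Deduplicated short names, descending, like `dedup host | sort -host`."""
    return sorted(group_hosts(values), reverse=True)


def ambiguous(values):
    """Short names under several domains: stripping would merge machines."""
    return sorted(name for name, domains in group_hosts(values).items()
                  if len(domains - {None}) > 1)


if __name__ == "__main__":
    print(short_names(PAGE_HOSTS))
    print("ambiguous:", ambiguous(MIXED_HOSTS))
```
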
Hi, I can't answer the question regarding the "." in my capture group since I just copied that from an example. At this point I can't provide any source data since I am not in the office any more. But the source is nothing special at all.
What does the source data look like, are they all FQDNs? Why do you have . in your capture group, as that should match any character.