In my event I want to extract TLDs.
I want to extract:
com
news
tech
net
org
Please help me with rex.
Thanks in advance.
URL Toolbox: https://splunkbase.splunk.com/app/2734/
Try this
(?<TLD>\.\w+?)(?:$|\/)
rex field=your_field "(?<TLD>com|news|tech|net|org)"
Hi @vikram1583,
Try this:
| rex "\w*\.(?<tld>[a-z]+)$"
not working
not working
hec? what is "TLD" you say?
Please share some raw data.
@vikram1583 What do your logs look like? Are you extracting from fields that already identified websites or email addresses, or do you have a mess in your logs that you need to identify the pattern first and then the TLD? Are these URLs fully qualified, like https://www.example.com/, or are they more like example.com? Do they end at the TLD, or continue with parameters/directories/etc.? Details and a log sample will go a long way in people being able to help you efficiently.
@vikram1583 I maintain that this will go better with more details and a log sample. Please edit your question with a sample log (scrub for anything sensitive). Some of these proposed solutions aren't successful against patterns such as:
https://answers.splunk.com/answers/806969/need-rex-help.html (where the valid TLD is com)
www.example.wanggou (where the valid TLD would be wanggou)
etc.
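Added example (not part of the thread and not any poster's code): a Python harness that runs the three patterns proposed above against the two inputs named in the last post plus two constructed ones, next to a host-first extraction. The named groups are rewritten as (?P<...>) for Python's re module; host_tld, the HOST and LAST_LABEL patterns and the constructed samples are assumptions of this example.

```python
import re

# The three patterns proposed in the thread, with (?<name>...) rewritten as
# (?P<name>...) because Python's re module requires that spelling.
PROPOSED = {
    "lazy_dot_word": re.compile(r"(?P<tld>\.\w+?)(?:$|/)"),
    "fixed_list": re.compile(r"(?P<tld>com|news|tech|net|org)"),
    "anchored_end": re.compile(r"\w*\.(?P<tld>[a-z]+)$"),
}

# Assumed alternative (not from the thread): isolate the host, then take its last label.
HOST = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:[^/?#@]*@)?(?P<host>[^/:?#]+)", re.I)
LAST_LABEL = re.compile(r"\.(?P<tld>[a-z0-9-]+)\.?$", re.I)

def proposed_tld(name, value):
    """Apply one of the thread's patterns the way rex would (unanchored search)."""
    m = PROPOSED[name].search(value)
    return m.group("tld") if m else None

def host_tld(value):
    """Drop scheme, userinfo, port and path first, then return the last host label."""
    h = HOST.search(value.strip())
    if not h:
        return None
    m = LAST_LABEL.search(h.group("host"))
    return m.group("tld").lower() if m else None

# The first two inputs are the ones named in the thread; the rest are constructed.
SAMPLES = [
    ("https://answers.splunk.com/answers/806969/need-rex-help.html", "com"),
    ("www.example.wanggou", "wanggou"),
    ("https://community.example.org:8443/index.php?x=1", "org"),
    ("user@example.net", "net"),
]

def compare():
    """Return (input, expected, {pattern name: extracted value}) for every sample."""
    rows = []
    for value, expected in SAMPLES:
        got = {name: proposed_tld(name, value) for name in PROPOSED}
        got["host_then_label"] = host_tld(value)
        rows.append((value, expected, got))
    return rows

if __name__ == "__main__":
    for value, expected, got in compare():
        print(f"{value}  expected={expected}")
        for name, tld in got.items():
            print(f"    {name:16} -> {tld!r} {'ok' if tld == expected else 'MISS'}")
```

The last host label equals the TLD only for single-label suffixes; suffixes such as co.uk need a public-suffix list rather than a regex.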