Re: How to write the regex to extract URLs 32 to 4...

avis1119 · ‎09-09-2015

Hi Everyone,

I would like to write a regex for extracting URL's with 32 to 48 characters long and ending with .ru or .org..... there should not be any special characters involved before .org or .ru. Please help me in writing the regex

Thank you in advance.

aljohnson_splun · ‎09-09-2015

Hey @avis1119,

Whats good?

^(?<long_url>[\w\.-]{{32,48}(?=(?:\.org|\.ru)))

So this regular expression just gets a 32-48 character long string BEFORE a .org or a .ru. Its not very robust per se, it captures word characters (a-z, A-Z, 0-9, as well as a literal . and a dash and underscore). But if you were using it with rex in Splunk and had already defined a URL field, it should be fine, e.g.

| rex field=URL "^(?<long_url>[\w\.-]{32,48}(?=(?:\.org|\.ru)))"

https://regex101.com/r/vI6bY5/1

avis1119 · ‎09-09-2015

I have the field URL defined already.
it is not giving the exact output as i require... it should not include any spl characters even "." and "-" before TLD's. for example: hgwoui87864vhvbviobigb23Ajkbbjsgivu.org
eufvuUHOUVuw8y9814hviyiwh9283bhvcsdvg2tnbgbv.net

aljohnson_splun · ‎09-10-2015

just replace [\w\.-] with whatever you want like [a-z] for all lower case, [a-zA-Z] for lowercase and uppercase, [a-zA-Z0-9] for upper/lower/numbers.

How to write the regex to extract URLs 32 to 48 characters in length and ending with .ru or .org?

Index This | Forward, I’m heavy; backward, I’m not. What am I?

A Guide To Cloud Migration Success

Join Us for Splunk University and Get Your Bootcamp Game On!