I have Squid logs in which the URL field contains either a domain name or an IP address:
google.com/search
217.212.123.211:443
I am trying to extract this field with the following regex:
(?:[^#\n]*#){4}(?:http\:\/\/)*(?:[^\/\.]+\.)*(?P<domain_or_ip>(?:(?:\d{1,3}\.){3}\d{1,3})|(?:[^\/\.]+\.[^\/\.]+))(?:\/|\:).*
But it extracts only two octets of an IP address (domains are extracted correctly). If I remove the OR part from the regex, it works perfectly for IP addresses alone or for domain names alone, e.g. for IP addresses:
(?:[^#\n]*#){4}(?:http\:\/\/)*(?:[^\/\.]+\.)*(?P<ip>(?:\d{1,3}\.){3}\d{1,3})(?:\/|\:).*
So my question is: how should I write the regex so that a single pattern extracts both?
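One possible explanation, sketched here in Python rather than in the original tool: the greedy group `(?:[^\/\.]+\.)*` in front of the capture consumes the leading octets first, so after backtracking the domain alternative matches the remaining two "labels" before the IP alternative is ever tried from the start of the address. Making that group lazy (`*?`) lets the IP alternative be attempted first. The sample lines below are hypothetical (four placeholder `#`-terminated fields followed by the URL), and the snippet assumes the target regex engine treats lazy quantifiers the same way Python's `re` module does.

```python
import re

# The pattern from the question, unchanged.
ORIGINAL = (
    r"(?:[^#\n]*#){4}(?:http\:\/\/)*(?:[^\/\.]+\.)*"
    r"(?P<domain_or_ip>(?:(?:\d{1,3}\.){3}\d{1,3})|(?:[^\/\.]+\.[^\/\.]+))"
    r"(?:\/|\:).*"
)

# Same pattern with one change: the label-skipping group is lazy (*?)
# instead of greedy (*), so it consumes as few leading labels as possible.
LAZY = (
    r"(?:[^#\n]*#){4}(?:http\:\/\/)*(?:[^\/\.]+\.)*?"
    r"(?P<domain_or_ip>(?:(?:\d{1,3}\.){3}\d{1,3})|(?:[^\/\.]+\.[^\/\.]+))"
    r"(?:\/|\:).*"
)


def extract(pattern, line):
    """Return the domain_or_ip capture for a log line, or None if no match."""
    m = re.match(pattern, line)
    return m.group("domain_or_ip") if m else None


# Hypothetical log lines: f1..f4 are placeholder fields, not real Squid fields.
SAMPLES = [
    "f1#f2#f3#f4#217.212.123.211:443",
    "f1#f2#f3#f4#google.com/search",
    "f1#f2#f3#f4#http://www.google.com/search",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "| original:", extract(ORIGINAL, line),
              "| lazy:", extract(LAZY, line))
```

With these samples the original pattern yields `123.211` for the IP line, while the lazy variant yields the full address and still reduces `www.google.com` to `google.com`. Whether this holds for every URL shape in real logs would need checking against actual data.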