Hello all,
I'm brand new to Splunk, so please have patience with me.
I want to convert our hostnames to a net mask.
Our servers and workstations must be in a specific format eg. AB000SV00100 (SV = Server) or AB200WS90032 (WS = Workstation). The FQDN looks like eg. servername.domain.corp.company.com, but can come in other flavours like servername.companyname.com or just the servername.
To be able to find servers or workstations that do not comply with this format, I want to convert it to a mask so it will look like this:
AB120SV90039.mydomain.corp.company.com --> 110001100000.11111111.1111.1111111.111 (Letters = 1 and Numbers = 0) or
AB220WS00002.company.com --> 110001100000.1111111.111 or
AB566LX23456 --> 110001100000 and so on.
When this is done I want to use clustering or ML to see what falls outside the normal. But I haven't figured out how to do that conversion. Can this be done in Splunk?
Best regards
Per Bejder
... View more