https://community.splunk.com/t5/Splunk-Search/Extract-IP-from-TCPDUMP/m-p/86521#M22062 <P>The IFX does not show the 192.54.112.34.domain or the 61.220.8.179.61415: 32341 fields. Why is that?</P> Thu, 11 Oct 2012 19:42:37 GMT DTERM 2012-10-11T19:42:37Z https://community.splunk.com/t5/Splunk-Search/Extract-IP-from-TCPDUMP/m-p/86519#M22060 <P>How can I extract the source IP from the following log format?</P> <P>16:13:40.860435 IP 192.54.112.34.domain &gt; 61.220.8.179.61415: 32341- 0/5/6 (207)</P> <P>All I'm interested in is the 192.54.112.34 IP address?</P> <P>Thanks....</P> Wed, 10 Oct 2012 20:48:59 GMT https://community.splunk.com/t5/Splunk-Search/Extract-IP-from-TCPDUMP/m-p/86519#M22060 DTERM 2012-10-10T20:48:59Z https://community.splunk.com/t5/Splunk-Search/Extract-IP-from-TCPDUMP/m-p/86520#M22061 <P>Umm, use the Interactive Field Extractor? I would write in more detail on creating your own regex, but seeing as I recall you asking the same kind of question before it seems you would benefit from using the IFX.</P> Wed, 10 Oct 2012 21:10:20 GMT https://community.splunk.com/t5/Splunk-Search/Extract-IP-from-TCPDUMP/m-p/86520#M22061 Ayn 2012-10-10T21:10:20Z https://community.splunk.com/t5/Splunk-Search/Extract-IP-from-TCPDUMP/m-p/86521#M22062 <P>The IFX does not show the 192.54.112.34.domain or the 61.220.8.179.61415: 32341 fields. Why is that?</P> Thu, 11 Oct 2012 19:42:37 GMT https://community.splunk.com/t5/Splunk-Search/Extract-IP-from-TCPDUMP/m-p/86521#M22062 DTERM 2012-10-11T19:42:37Z