https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/638730#M221319 <P>Here's an example - is this what you are after with the rex statement?</P><LI-CODE lang="markup">| makeresults | eval site="site: mclaudelinemugasqiln.platinilemu.com:1227" | rex field=site "site:\s?(?&lt;domain&gt;.*)"</LI-CODE><P>This assumes that the site field contains that entire string, i.e. "site: xxx" where xxx is the domain you want to extract.</P><P>This creates a new field called domain.</P> Tue, 04 Apr 2023 23:21:20 GMT bowesmana 2023-04-04T23:21:20Z https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/638713#M221312 <P>Hello Team,</P> <P>can anyone help me with the extraction of new field</P> <P>&nbsp;</P> <P>input: site: mclaudelinemugasqiln.platinilemu.com:1227</P> <P>&nbsp;site is a field</P> <P>domain is&nbsp;mclaudelinemugasqiln.platinilemu.com:1227</P> <P>i want this output:&nbsp;mclaudelinemugasqiln.platinilemu.com:1227</P> <P>&nbsp;</P> <P>Thank you</P> Wed, 05 Apr 2023 16:28:45 GMT https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/638713#M221312 pacifiquen 2023-04-05T16:28:45Z https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/638730#M221319 <P>Here's an example - is this what you are after with the rex statement?</P><LI-CODE lang="markup">| makeresults | eval site="site: mclaudelinemugasqiln.platinilemu.com:1227" | rex field=site "site:\s?(?&lt;domain&gt;.*)"</LI-CODE><P>This assumes that the site field contains that entire string, i.e. "site: xxx" where xxx is the domain you want to extract.</P><P>This creates a new field called domain.</P> Tue, 04 Apr 2023 23:21:20 GMT https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/638730#M221319 bowesmana 2023-04-04T23:21:20Z https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/639132#M221448 <P>... | rename site AS domain | table domain</P> Fri, 07 Apr 2023 01:16:15 GMT https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/639132#M221448 woodcock 2023-04-07T01:16:15Z https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/639149#M221455 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/250798">@pacifiquen</a>&nbsp;- Use the below command within your search:</P><LI-CODE lang="markup">| rex field=input "site:\s*(?&lt;domain&gt;^\s+)"</LI-CODE><P>&nbsp;</P><P>I hope this helps!!!&nbsp;</P> Fri, 07 Apr 2023 05:29:31 GMT https://community.splunk.com/t5/Splunk-Search/Can-someone-help-with-regex-to-extract-new-field/m-p/639149#M221455 VatsalJagani 2023-04-07T05:29:31Z