How to write the regex to extract this IP from my data?

venkatalbert — Wed, 24 Feb 2016 14:32:28 GMT

Hello Team,

I have the below log details and I need to extract only the IP that comes after /. Id remains same for all the commands.

There is no proper field that includes dn, so its hard to extract based on any field.

[2016-02-08T10:29:51.992-05:00] [octetstring] [TRACE] [] [com.octetstring.vde.DoSManager] [tid: 1841020] [ecid: 0000LB1RQ_gB9Dyso4P__m1MAxqb01VGWZ,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] UnBind: cn=id,ou=applications,ou=example,ou=example,dc=eg,dc=com/54.16.26.209.

Thanks,
Venkat

Re: How to write the regex to extract this IP from my data?

somesoni2 — Wed, 24 Feb 2016 18:31:33 GMT

Try something like this (run anywhere sample)

| gentimes start=-1 | eval _raw="[2016-02-08T10:29:51.992-05:00] [octetstring] [TRACE] [] [com.octetstring.vde.DoSManager] [tid: 1841020] [ecid: 0000LB1RQ_gB9Dyso4P__m1MAxqb01VGWZ,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] UnBind: cn=id,ou=applications,ou=example,ou=example,dc=eg,dc=com/54.16.26.209." | table _raw 
| rex "dc=\S+\/(?<IPAddress>\d+\.\d+\.\d+\.\d+)"

topic Re: How to write the regex to extract this IP from my data? in Splunk Search

How to write the regex to extract this IP from my data?

Re: How to write the regex to extract this IP from my data?