All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

URL Toolbox not parsing ut_domain correctly if a TLD string is part of the domain name

teresachila
Path Finder
‎02-26-2024 05:32 PM

Running the code below will yield ut_domain as ".com" instead of "somethin.shop". It seems like if the subdomain contains a valid TLD string (e.g. .com), then ut_domain is not parsed correctly. A domain "somethingbad.shop" will be parsed correctly as it recognizes .shop as a TLD.

 

 

 

| makeresults | eval domain_full = "something.com.somethin.shop"
| eval list="*" | `ut_parse(domain_full, list)`

 

 

 

 Is it a bug? If so, how can we report it? Any workaround you can think of while waiting for bug fix?

 

0 Karma
Reply

marnall
Motivator
‎04-14-2024 07:22 AM

The UT toolbox app relies on some .dat files in the $SPLUNKDIR$/etc/apps/utbox/bin/ directory which list the known TLD suffixes. Unfortunately, ".shop" is not listed in them.

To add the ".shop" tld, you can edit the suffix_list_custom.dat file at:

$SPLUNKDIR$/etc/apps/utbox/bin/suffix_list_custom.dat

and add a line containing "shop". A restart is not required to apply this change.

Then try your query again and the ut_domain field value should now be "somethin.shop" as desired.

0 Karma
Reply

wryanthomas
Contributor
‎06-25-2024 08:14 AM

In fully managed Splunk Cloud context, we don't have access to the file system, so we can't readily edit the custom.dat file.  This is a plea to the developers:  Could you please update this app to address this need?  Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...