
How to extract an IP field and host name field from dest field into two different fields

Path Finder

For example, my dest field has values like:
ukepidmng104a.uk.standardchartered.com
10.193.60.17

I need to extract them like hostname=ukepidmng104a and destip=10.193.60.17.
Meanwhile, the rows with a hostname value should have null in the destip field, and the rows with a destip value should have null in the hostname field.

0 Karma

Re: How to extract an IP field and host name field from dest field into two different fields

Splunk Employee

I couldn't deduce exactly what you started with, and what you needed, but I took a stab at it. I hope this query helps you:

| makeresults
| eval dest = "ukepidmng104a.uk.standardchartered.com,10.193.60.17"
| rex field=dest max_match=2 "(?<dest>[^,]+)"
| mvexpand dest
| eval dest_ip=if(match(dest, "^\d+\.\d+\.\d+\.\d+$"), dest, null())
| eval host_name=if(match(dest, "^\d+\.\d+\.\d+\.\d+$"), null(), dest)


0 Karma
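A variant of the search above, added here as an example and not written by either poster: it returns the short host name the question asked for (the first DNS label) and accepts a value as an IPv4 address only when every octet is in the range 0-255. The last two sample values in the dest string (web01.10.20.30.example.net and 300.1.2.3) are constructed test cases, not values from the thread; the destip and hostname field names follow the question.

```spl
| makeresults
| eval dest=split("ukepidmng104a.uk.standardchartered.com,10.193.60.17,web01.10.20.30.example.net,300.1.2.3", ",")
| mvexpand dest
| eval destip=if(match(dest, "^((25[0-5]|2[0-4]\d|[01]?\d?\d)\.){3}(25[0-5]|2[0-4]\d|[01]?\d?\d)$"), dest, null())
| eval hostname=if(isnull(destip) AND NOT match(dest, "^[\d.]+$"), mvindex(split(dest, "."), 0), null())
| table dest destip hostname
```

The host name containing dotted digits is still classified as a host (web01), and the malformed 300.1.2.3 leaves both fields null, so it can be filtered or reviewed separately.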

Re: How to extract an IP field and host name field from dest field into two different fields

Path Finder

Thank you.

0 Karma