Hi - Was looking for some assistance in extracting the FQDNs from the paths below:
/var/log/remote/ldap.inftech.net/2021-08-03/auth.log
/var/log/remote/web-proxy-01.int.inftech.net/2021-08-03/proxy.log
/var/log/remote/ns01.inftech.net/2021-08-03/named.log
Regex isn't my strongest area, and one of the domains has an additional level, which makes it that much harder for me.
Hi @jaydee12
try this,
<your_search_goes_here>
| rex field=<your_field_name> "var\/log\/remote\/(?<fqdn>.+?)\/"
Hi @venkatasri - Thanks for the quick reply. No, I wasn't able to get that to work. Basically what I am trying to do is extract the FQDN hostname so that I can use it in my input.conf file.
Similar to what this guy is doing:
@jaydee12 Rex looks fine, see below. The commands before | rex are for testing; you should replace them with your own search.
Yes, you are correct...that did work. Greatly appreciate your help!
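The extraction from this thread, reproduced outside Splunk as an added example (not code from any poster): the same lazy pattern is run over the three paths from the question, and the captured segment is checked for hostname syntax before it is trusted as a host value. The function names and the two negative sample paths are constructed for illustration.

```python
import re

# Same pattern as the rex in the thread; Python spells the named group (?P<name>...).
# The lazy .+? stops at the first "/" after remote/, so extra domain levels are kept.
PATH_RE = re.compile(r"var/log/remote/(?P<fqdn>.+?)/")

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def extract_fqdn(path):
    """Return the directory name after /var/log/remote/, or None if absent."""
    m = PATH_RE.search(path)
    return m.group("fqdn") if m else None


def is_valid_fqdn(name):
    """Check hostname syntax: at least two labels, 253 chars max overall."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(LABEL_RE.fullmatch(l) for l in labels)


def hosts_from_paths(paths):
    """Map each path to its extracted FQDN, or None when missing or malformed."""
    out = {}
    for p in paths:
        name = extract_fqdn(p)
        out[p] = name if name and is_valid_fqdn(name) else None
    return out


# The three paths from the question, plus two constructed negative cases.
SAMPLE_PATHS = [
    "/var/log/remote/ldap.inftech.net/2021-08-03/auth.log",
    "/var/log/remote/web-proxy-01.int.inftech.net/2021-08-03/proxy.log",
    "/var/log/remote/ns01.inftech.net/2021-08-03/named.log",
    "/var/log/remote/../2021-08-03/auth.log",   # constructed: not a hostname
    "/var/log/local/auth.log",                  # constructed: outside remote/
]

if __name__ == "__main__":
    for path, host in hosts_from_paths(SAMPLE_PATHS).items():
        print(f"{host!s:32} <- {path}")
```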