Hi everyone,
I'm very new here. I need support with extracting this field, "safeframe.googlesyndication.com" from "ofc62fbe04078e8d3b0843298ad3421d.safeframe.google syndication.com" using regex expressions or is there any other command I can use to delete the crap before the urlhost?
Thank you.
Thank you for your help. I tried that and it returned all fields with the aforementioned domain but it did not eliminate the alphanumeric characters before it.
Can you share some examples of it not working?
So, the url_host returns IP addresses and some important domain names that I need but a lot of the domain names have those alphanumeric characters attached to them. I don't want the alphanumeric characters to be returned as well. I just need the domain name.
This is just a restatement of the problem, please can you give concrete examples of events that you have where the process provided is not giving you the results you want.
Assuming your field is called field and that the "crap" contains no dots, try something like this
| rex mode=sed field=field "s/[^\.]+\.(?<x>.*$)/\\1/g"