Splunk Search

Can you help me come up with the regex to get the domain + scheme?

jtotzek
Explorer

Hi,

I tried many things but I still cannot get to the correct result.

my field value looks like this
http://34.223.245.254/path/user.html
http://sub.domain.com/D2-Client
https://sub.domain.ph

and in the output I just want
http://34.223.245.254
http://sub.domain.com
https://sub.domain.ph

so far it looks like this:

BASE-SEARCH | rex field="MY_FIELD_NAME" "(REGEX)" | stats values("domain")

renjith_nair
Legend

@jtotzek,

Give this a try and see if it works,

|rex field=YOUR_FIELD_NAME "(?<domain>https?:\/\/[^\/]+)"
---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face:
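
The accepted pattern run over the question's three values plus a few constructed edge cases, as an added Python example that is not part of the original thread. `STRICT_RE` is an assumed tightening that no answer proposed, and Python writes named groups as `(?P<name>...)` where `rex` takes `(?<name>...)`.

```python
import re

# Pattern from the accepted answer (Python named-group spelling).
THREAD_RE = re.compile(r"(?P<domain>https?://[^/]+)")
# Assumed tightening, not from the thread: also stop at '?', '#' and
# whitespace, which end the host part of a URL just as '/' does, and
# accept an upper-case scheme.
STRICT_RE = re.compile(r"(?P<domain>https?://[^/?#\s]+)", re.IGNORECASE)

# First three values come from the question; the rest are constructed.
SAMPLES = [
    "http://34.223.245.254/path/user.html",
    "http://sub.domain.com/D2-Client",
    "https://sub.domain.ph",
    "https://sub.domain.ph:8443/login",   # explicit port
    "https://sub.domain.ph?next=/home",   # query string, no path
    "http://sub.domain.com#top",          # fragment, no path
    "http://sub.domain.com HTTP/1.1",     # URL followed by other log text
    "HTTPS://SUB.DOMAIN.PH/Login",        # upper-case scheme
]


def extract(pattern, value):
    """Return the captured scheme + host, or None if nothing matches."""
    match = pattern.search(value)
    return match.group("domain") if match else None


def differences(samples=SAMPLES):
    """Return (value, thread result, strict result) where the two disagree."""
    rows = []
    for value in samples:
        thread, strict = extract(THREAD_RE, value), extract(STRICT_RE, value)
        if thread != strict:
            rows.append((value, thread, strict))
    return rows


if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:42} -> {extract(THREAD_RE, value)!r}")
    print("\nValues where the accepted pattern over- or under-captures:")
    for value, thread, strict in differences():
        print(f"  {value!r}: thread={thread!r} strict={strict!r}")
```

In SPL the same tightening would be written inside the `rex` string, with `(?i)` in front for the case-insensitive match.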


ddrillic
Ultra Champion

You can try -

BASE-SEARCH | erex url fromfield=_raw examples="http://34.223.245.254,http://sub.domain.com,https://sub.domain.ph"

Under Job you should see the generated regex...

jtotzek
Explorer

wow, perfect! I was almost there! thanks a lot!


renjith_nair
Legend

@jtotzek, glad it worked for you. Please accept the answer to close the thread.

---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face:

renjith_nair
Legend

@jtotzek, do you have any other questions on this? If not, kindly accept as answer.

---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face: