Splunk Search

Create a filed from lookup data

raghu0463
Explorer

Hi,

I would like to extract a field from lookup data, can i use below search for extraction

| inputlookup dataframedata.csv |regex "\s(?\A\w{1,2}+).gmail.com"

i'm trying to extract only xxxxx as server from the below field

Server_domain
xxxxxxxxxxxx.gmail.com

Tags (1)
0 Karma

raghu0463
Explorer

Examples for server_domain

dcxnaikg102.gmail.com
aedpmna002.gmail.com
xhnaskkjsyh561.gmail.com

0 Karma

mayurr98
Super Champion

what do you want to extract from all these server_domains?

0 Karma

mayurr98
Super Champion

try this :

| inputlookup dataframedata.csv |rex field=Server_domain "(?<server>[^\.]+)\.gmail\.com"

let me know if this helps!

Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...