Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Extract host name from FQDN while searching.

Ravan
Path Finder
‎02-07-2012 07:01 PM

Hi,

How can we extract hostname from FQDN at runtime(Need to include with in the query)

Ex: myhost.domain.com (OR) myhost.subdomain.maindomain.com

we need only myhost here ...

Tags (2)
0 Karma
Reply

kristian_kolb
Ultra Champion
‎02-07-2012 11:30 PM

Hi there,

I am assuming that you want to extract the hostname into a new field (since 'host' is a field that is always set). Just getting the host part of a FQDN is pretty straightforward (assuming that your field is called "FQDN");

... | rex field=FQDN "(?<host_name>[^.]+)\." | table host_name

and you can start using the new field straight away, as indicated above.

hope this helps,

Kristian

Reply

Ravan
Path Finder
‎02-07-2012 10:18 PM

in this case i have three fields (host,ip,os) , and we need to set the values in same "host"field.

Actual data :
host ip os
mywi2.R2.devel.in.com win
pctx1.R2.devel.in.com win
masymf.R1.prod.in.com win
swgdas.R2.devel.in.com win
dass.R2.devel.in.com win
swssch.R2.devel.in.com win

0 Karma
Reply

lguinn2
Legend
‎02-07-2012 09:33 PM

In order to help, we need to know more about the data - an example of the actual data (with identifying information anonymized) would be helpful. Also, are you talking about setting the value of the host field, or do you want to create a different field?

I assume that different events in the same input stream could have different hostnames.

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...