Hi,
I've a field with name URL and values are like this --
https://community.splunk.com/t5/forums/postpage/21321231312331112/id
http://www.google.com/search?rlz=1C1GCEA_enU
I need to extract it like this (it can be http or https and it can be other tld too)-
https://community.splunk.com
http://www.google.com
So basically need a rex like this - parta://partb/Ignorable_strings and then I'll concatenate parta and partb fields to get desired result. Someone please help.
| rex field=url "^(?<main_domain>\w+\:\/\/[^\/]+)"
output will be extracted to new field called main_domain
if you need parta and partb and igorable_strings use below:
| rex field=url "^(?<parta>\w+)\:\/\/(?<partb>[^\/]+)\/(?<ignorable_strings>.*)"
Thank you!
Possible for you to explain the parts of first regex like how it is working ? Are you aware of any specific documentation which will help me understand/learn complex splunk regex ?
https://www.youtube.com/watch?v=LoiyiCVGLnw
| rex field=url "^(?<main_domain>\w+\:\/\/[^\/]+)"
output will be extracted to new field called main_domain
if you need parta and partb and igorable_strings use below:
| rex field=url "^(?<parta>\w+)\:\/\/(?<partb>[^\/]+)\/(?<ignorable_strings>.*)"