Solved: Re: Extracting domain name from URL

pjtbasu · ‎09-10-2020

Hi,

I've a field with name URL and values are like this --

https://community.splunk.com/t5/forums/postpage/21321231312331112/id
http://www.google.com/search?rlz=1C1GCEA_enU

I need to extract it like this (it can be http or https and it can be other tld too)-

https://community.splunk.com
http://www.google.com

So basically need a rex like this - parta://partb/Ignorable_strings and then I'll concatenate parta and partb fields to get desired result. Someone please help.

thambisetty · ‎09-10-2020

| rex field=url "^(?<main_domain>\w+\:\/\/[^\/]+)"

output will be extracted to new field called main_domain

if you need parta and partb and igorable_strings use below:

| rex field=url "^(?<parta>\w+)\:\/\/(?<partb>[^\/]+)\/(?<ignorable_strings>.*)"

————————————
If this helps, give a like below.

View solution in original post

pjtbasu · ‎09-13-2020

Thank you!

Possible for you to explain the parts of first regex like how it is working ? Are you aware of any specific documentation which will help me understand/learn complex splunk regex ?

thambisetty · ‎09-13-2020

https://www.youtube.com/watch?v=LoiyiCVGLnw

————————————
If this helps, give a like below.

thambisetty · ‎09-10-2020

| rex field=url "^(?<main_domain>\w+\:\/\/[^\/]+)"

output will be extracted to new field called main_domain

if you need parta and partb and igorable_strings use below:

| rex field=url "^(?<parta>\w+)\:\/\/(?<partb>[^\/]+)\/(?<ignorable_strings>.*)"

————————————
If this helps, give a like below.

Extracting domain name from URL

regex

rex

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!