Splunk Search

Help with rex for part of a file path

rileyken2
Path Finder

Here is my path:

C:\WebLogs\sample.domain.com\W3SVC1\u_ex191121.log

I would like to grab just the "sample.domain.com" part.

Some of my files are on the E drive and the W3CSVC folders vary, but the sample.domain.com part is always the same format, although it may be sample1.domain2.com (changing, but always a valid url).

It's my source field so I am hoping for something like rex field=source "super regex here".

I really appreciate the help!

Tags (3)
0 Karma
1 Solution

woodcock
Esteemed Legend

Like this:

... | rex  field=path "^(?:[^\\]+\\){2}(?<domain>[^\\]+)"

View solution in original post

vnravikumar
Champion

Hi

Try this

| makeresults 
| eval test="C:\WebLogs\sample.domain.com\W3SVC1\u_ex191121.log" 
| eval domain = mvindex(split(test,"\\"),2)
0 Karma

rileyken2
Path Finder

I can not take the time or Regex seems to difficult to master for occasional problems, so I really appreciate the mvindex idea, I will definitely use this, thanks vnravikumar!

0 Karma

louismai
Path Finder

Please use '\\' to escape '\'
| rex field=path "^(?:[^\]+\){2}(?[^\]+)"

0 Karma

woodcock
Esteemed Legend

Like this:

... | rex  field=path "^(?:[^\\]+\\){2}(?<domain>[^\\]+)"

rileyken2
Path Finder

I get an error, it doesn't seem to be missing a ] anywhere..?

Error in 'rex' command: Encountered the following error while compiling the regex '^(?:[^]+){2}(?[^]+)': Regex: missing terminating ] for character class.

0 Karma

rileyken2
Path Finder

I added some more backslashes and it worked like a charm! Thanks Woodcock

0 Karma
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...