Solved: How can I replace Parenthesis in a URL field with ...

yossefn · ‎06-18-2020

Hi,

I have a DNS logs with Parenthesis + numbers instead of Dots in the URL filed.

How can I replace them with a Dots?

Below are some examples from the logs.

(5)_ldap(4)_tcp(5)cmp(6)_sites(3)rub(3)net(2)oz(0)
(4)wpad(3)rub(3)net(0)
(5)_ldap(4)_tcp(2)dc(6)_msdcs(9)dc(7)core(2)t4(3)rub(3)net(0)

Thank you!

richgalloway · ‎06-18-2020

Use SED.

| makeresults | eval data="(5)_ldap(4)_tcp(5)cmp(6)_sites(3)rub(3)net(2)oz(0)
(4)wpad(3)rub(3)net(0)
(5)_ldap(4)_tcp(2)dc(6)_msdcs(9)dc(7)core(2)t4(3)rub(3)net(0)"
| rex field=data mode=sed "s/(\(\d+)\)/./g"

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎06-18-2020

Use SED.

| makeresults | eval data="(5)_ldap(4)_tcp(5)cmp(6)_sites(3)rub(3)net(2)oz(0)
(4)wpad(3)rub(3)net(0)
(5)_ldap(4)_tcp(2)dc(6)_msdcs(9)dc(7)core(2)t4(3)rub(3)net(0)"
| rex field=data mode=sed "s/(\(\d+)\)/./g"

---
If this reply helps you, Karma would be appreciated.

yossefn · ‎06-18-2020

Wow, that was fast 🙂

Thanks @richgalloway for the solution!

How can I replace Parenthesis in a URL field with Dots?

eval

regex

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation