Solved: How to apply regex to a field in lookup file?

pavanae · ‎10-31-2017

I have a lookup file query as follows

| inputlookup ABCD.csv which displays the results as follows

Host

efgh
ijkl.mno.com
pqrs.tuv.net
wxyz

Now how can i add a regex to display only the hostname and avoid the extra string which ever after the dot(.). I just want to apply the regex to display the result as follows

Host

efgh
ijkl
pqrs
wxyz

somesoni2 · ‎10-31-2017

Assuming you just want to manipulate the result of the search | inputlookup ABCD.csv, try like this

| inputlookup ABCD.csv | eval Host=mvindex(split(Host,"."),0)

OR

| inputlookup ABCD.csv | rex field=Host "^(?<Host>[^\.]+)"

View solution in original post

somesoni2 · ‎10-31-2017

Assuming you just want to manipulate the result of the search | inputlookup ABCD.csv, try like this

| inputlookup ABCD.csv | eval Host=mvindex(split(Host,"."),0)

OR

| inputlookup ABCD.csv | rex field=Host "^(?<Host>[^\.]+)"

How to apply regex to a field in lookup file?

Data Management Digest – November 2025

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Are you a member of the Splunk Community?

How to apply regex to a field in lookup file?

Data Management Digest – November 2025

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...