Re: How to count the number of dots in a domain na...

splunkranger · ‎04-02-2014

For exmaple:

Is there an easy eval command to count the number of occurrences of a particular character in a event?

Thank you,

eashwar · ‎04-02-2014

Hello Bro,

It was fun to find a solution to your question. I made the below query to check it out. Modify this to your requirement.

Run the below query in your splunk search

index=main | head 1 | eval custom_test="This . is . Eashwar . Raghunathan . and . i . am . playing . with . 10 . dots" | rex mode=sed field=custom_test "s/[^.]/X/g s/X//g" | eval NumberOfDots=len(custom_test) | table custom_test NumberOfDots

Hope in your case you will pass the string domain instead of custom_test

Happy splunking bro, thanks for asking tough questions 🙂

eashwar · ‎04-03-2014

Hello AELLIOTT it is working now for me, I don't know why it did not work yesterday 😞 ... Confused

eashwar · ‎04-02-2014

Hey i did it first, for some reason it did not work. It was unusual, so i was trying a couple of other ways to achieve the same

aelliott · ‎04-02-2014

You could just have "s/[^.]//g" in your sed

aelliott · ‎04-02-2014

someone else had this issue, and this worked for them:
http://answers.splunk.com/answers/28276/count-of-character-in-field

splunkranger · ‎04-02-2014

Perfect! thank you!

How to count the number of dots in a domain name

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

How to count the number of dots in a domain name

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR