Solved: How to extract a URL from a text string and assign...

Cuyose · ‎09-01-2016

I cannot find a working example of this anywhere. I can find examples a mile long on google, but am having trouble actually assigning them to a variable in Splunk.

Cuyose · ‎09-01-2016

I got what I needed using the following:

|rex field=_raw "(?(https?:\/\/([-\w\.]+)+(:\d+)?))"

View solution in original post

Cuyose · ‎09-01-2016

I got what I needed using the following:

|rex field=_raw "(?(https?:\/\/([-\w\.]+)+(:\d+)?))"

sundareshr · ‎09-01-2016

Try this, for 3 capturing groups. You can name each group, if desired.

... | rex "https?:\/\/([^\.]+)\.([^\.]+)\.([^\/]+)"

twinspop · ‎09-01-2016

Need a sample log entry

Cuyose · ‎09-01-2016

http or https
then ://
then anything up to .
then anything up to .
then anything up to first /

How to extract a URL from a text string and assign it to a variable in Splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation