HI
I am trying to extract Unique IP address from access log to determine the user load.
My request looks like as below
- - [01/May/2014:08:59:49 -0700] POST /connect/group/home/support-query1?p_p_id=myexample_WAR_dsp&p_p_lifecycle=2&p_p_state=normal&p_p_mode=view&p_p_cacheability=cacheLevelPage&p_p_col_id=column-1&p_p_col_count=1&action=dispatch HTTP/1.0 200 126 05507 5164
Hi veeru_irf,
try something like this:
your base search here | rex "^(?<myIP>(\d+\.){3}(\d+))" | table myIP
If this matches, you can set it up as automatic field extraction so it will be extracted by Splunk directly.
Also here is a nice little page where you can test regex stuff
hope this helps to get you started ...
cheers, MuS
Hi veeru_irf,
try something like this:
your base search here | rex "^(?<myIP>(\d+\.){3}(\d+))" | table myIP
If this matches, you can set it up as automatic field extraction so it will be extracted by Splunk directly.
Also here is a nice little page where you can test regex stuff
hope this helps to get you started ...
cheers, MuS
thnx.. It worked
Sorry missed out initial part
205.140.227.154 - - [01/May/2014:08:59:49 -0700] POST /connect/group/home/support-query1?p_p_id=myexample_WAR_dsp&p_p_lifecycle=2&p_p_state=normal&p_p_mode=view&p_p_cacheability=cacheLevelPage&p_p_col_id=column-1&p_p_col_count=1&action=dispatch HTTP/1.0 200 126 05507 5164
There is no IP in this log? Does your web server log the IP's for requests at all?