Solved: Re: Regex first part of the URL

ebs · ‎05-03-2021

Hi,

All my URLs have this general format https://value.company.com.au/etc/ Is there a way I can extract URLs and always stop at the .au but also have this included in the field? Some differ with a port at the end so its goes https://value.company.com.au:9001 but I don't want the port or anything after the /.

Do you have any recommendations on what the regex would look like?

ITWhisperer · ‎05-03-2021

(?<url>https?:\/\/[^:\/]+)

View solution in original post

ITWhisperer · ‎05-03-2021

(?<url>https?:\/\/[^:\/]+)

Badab · ‎04-27-2023

Hello,

Thanks for that, but it not works on my Splunk research, I get the following message :

Error in 'SearchParser': Missing a search command before '^'. Error at position '86' of search query 'search index=* sourcetype="os_win_wks:java:trace" ...{snipped} {errorcontext = tps?:\/\\[^:\/]+)}'.

Do you know why ?

Thanks

ITWhisperer · ‎04-27-2023

Because you are not using it to extract the field correctly. Rather than trying to extend someone else's question, please ask a fresh question where you can define your usecase more fully.

ebs · ‎05-03-2021

Thanks so much!

Is there a way to regex first part of the URL?

field extraction

fields

regex

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

Are you a member of the Splunk Community?