Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need a rex to extract an ip address with a trailing port number

mark_groenveld
Path Finder
‎04-26-2025 10:27 AM

I would like to extract an ip address from a text field where the ip address has a trailing port number.

The text is like so:  X-Upstream:"11.111.11.11:81"

The extraction would provide only the ip address.

Thanks.

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-26-2025 11:29 AM 
| rex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?=:\d+)"

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-26-2025 11:29 AM 
| rex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?=:\d+)"
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎04-27-2025 12:28 PM

If I were to be nitpicky I'd say that it captures stuff like 000.999.123.987, which is not a valid IP 😉

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2025 11:51 PM

True, but I didn't want to give away all my secrets! 😎😁

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎04-28-2025 01:58 AM

😁

But seriously, this solution is usually good enough unless you have a strict demand on validating the IP format in which case regex is not the best tool for the job (it can be done using regex but it's neither pretty, nor efficient).

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-28-2025 03:06 AM

We have used it in RegexGames although I can't remember how many came up with a solution. Yes, regex may not be "pretty", but can be fun trying to solve regex puzzles!

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...