Solved: REGEX pattern to extract the hostname in transform...

dhavamanis · ‎08-01-2014

Please provide the REGEX pattern to extract from host and assign the value to index name, In the below example, we need to extract the value ABC and assign this to Index..

[generic_idx_routing]
SOURCE_KEY = MetaData:Host
REGEX = (ABC)\\.zxy\\.1a1\\.com
DEST_KEY = _MetaData:Index
FORMAT = $1

yannK · ‎08-01-2014

Are you trying to extract the first part of an hostname ?

host.domain.com -> host
host.subdomain.domain.com -> host
host -> host
host.com -> host
192.168.5.2 -> 192

please try
REGEX= ^([^\.]*)

View solution in original post

yannK · ‎08-01-2014

Are you trying to extract the first part of an hostname ?

host.domain.com -> host
host.subdomain.domain.com -> host
host -> host
host.com -> host
192.168.5.2 -> 192

please try
REGEX= ^([^\.]*)

somesoni2 · ‎08-01-2014

Have a look at the similar question.
http://answers.splunk.com/answers/1026/route-data-to-index-based-on-host

REGEX pattern to extract the hostname in transforms.conf

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

REGEX pattern to extract the hostname in transforms.conf

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...