Solved: REGEX pattern to extract the hostname in transform...

dhavamanis · ‎08-01-2014

Please provide the REGEX pattern to extract from host and assign the value to index name, In the below example, we need to extract the value ABC and assign this to Index..

[generic_idx_routing]
SOURCE_KEY = MetaData:Host
REGEX = (ABC)\\.zxy\\.1a1\\.com
DEST_KEY = _MetaData:Index
FORMAT = $1

yannK · ‎08-01-2014

Are you trying to extract the first part of an hostname ?

host.domain.com -> host
host.subdomain.domain.com -> host
host -> host
host.com -> host
192.168.5.2 -> 192

please try
REGEX= ^([^\.]*)

View solution in original post

yannK · ‎08-01-2014

Are you trying to extract the first part of an hostname ?

host.domain.com -> host
host.subdomain.domain.com -> host
host -> host
host.com -> host
192.168.5.2 -> 192

please try
REGEX= ^([^\.]*)

somesoni2 · ‎08-01-2014

Have a look at the similar question.
http://answers.splunk.com/answers/1026/route-data-to-index-based-on-host

REGEX pattern to extract the hostname in transforms.conf

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation