Solved: REGEX pattern to extract the hostname in transform...

dhavamanis · ‎08-01-2014

Please provide the REGEX pattern to extract from host and assign the value to index name, In the below example, we need to extract the value ABC and assign this to Index..

[generic_idx_routing]
SOURCE_KEY = MetaData:Host
REGEX = (ABC)\\.zxy\\.1a1\\.com
DEST_KEY = _MetaData:Index
FORMAT = $1

yannK · ‎08-01-2014

Are you trying to extract the first part of an hostname ?

host.domain.com -> host
host.subdomain.domain.com -> host
host -> host
host.com -> host
192.168.5.2 -> 192

please try
REGEX= ^([^\.]*)

View solution in original post

yannK · ‎08-01-2014

Are you trying to extract the first part of an hostname ?

host.domain.com -> host
host.subdomain.domain.com -> host
host -> host
host.com -> host
192.168.5.2 -> 192

please try
REGEX= ^([^\.]*)

somesoni2 · ‎08-01-2014

Have a look at the similar question.
http://answers.splunk.com/answers/1026/route-data-to-index-based-on-host

REGEX pattern to extract the hostname in transforms.conf

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation