Splunk Search

Regex Hostname for multiple scenario

Akmal57
Path Finder

Hi,

I have log which the field name is called "name". The regex cannot get the hostname from the name field because have multiple scenario. Eg as below:

(DR) HostA-AIX-172.0.0.0-root

01-HostA-10-Cambodia-Cisco_Router-10.0.0.0-root1

172.0.0.0-Malaysia-Windows Server 2016-HostA-admin

172.0.0.0 - HostA-Indonesia-Win2012-172.0.0.0-admin

3D-(DR) HostA-Win2003-172.0.0.0 [NAT IP 192.0.0.0] (dmin)

AD-HostA.local-srv_AB_CDD

HostA-India-Solaris10-172.0.0.0-root

These are the sample inconsistent log that we need to get Hostname. The highlighted one should we get for the hostname.

Please assist on this by creating new regex

Labels (3)
Tags (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

Have you any document which describes your naming policy? Or should we just guess which part are standard like 

  • (DR)
  • Country-Cisco_Router-<IP>-<content>
  • <IP>-Country-Server type-<host>-<user>

etc.

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...