Solved: Regex for IP Address and URL

prabmurthy · ‎02-10-2013

Hi,

I've 2 fields 1. Host with data which looks something like this ip-10-222-98-898, ip-10-982-83-821, ip-10-233-04-291 etc and other field (say Color) which has some text data example: Red, Yellow, White, Green.

I'd like to have something like this:

Column1 data should look like something like 10-222-98-898, 10-982-83-821 etc
Column2 data should look like http://10-982-83-821/Red (in this case 10-982-83-821 has field value red and so on..

What I was thinking was if I could get #1 ready then I can have a new variable say URL which will look something like URL=http://$host/$Color (I'm not sure of the syntax of how to fetch the fields but my try will look something like this)

How do I get started with #1 and any points for #2?

Thanks in advance.

PM

martin_mueller · ‎02-10-2013

Something like this:

...  | rex field=host "(?<ip>\d+-\d+-\d+-\d+)" | eval url = "http://".ip."/".color

If you want to replace the dashes in the host with dots you can throw in this:

... | eval ip = replace(ip, "-", ".") | ...

View solution in original post

martin_mueller · ‎02-10-2013

Something like this:

...  | rex field=host "(?<ip>\d+-\d+-\d+-\d+)" | eval url = "http://".ip."/".color

If you want to replace the dashes in the host with dots you can throw in this:

... | eval ip = replace(ip, "-", ".") | ...

prabmurthy · ‎02-10-2013

Thanks 🙂 That worked !!

Regex for IP Address and URL

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...