Solved: Regex for Inputs.conf to grab hostname challenge

conner9 · ‎06-19-2012

I am trying to pull the hostname from file names, for inputs.conf. The hostname is always between the second and third set of double underscore characters the rest of the file name can be multiple groups of letters & numbers.
The hostname can be made up of letters, numbers, and/or dashes
If the hostname has dashes then there can be two, three, or four segments to the name, but it is always the total of what's between the double underscore.
There can be multiple segments to the file name, both before and after the hostname.

Example:

field____field________field__________hostname_______field.log

Thoughts?

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

View solution in original post

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

Regex for Inputs.conf to grab hostname challenge

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Regex for Inputs.conf to grab hostname challenge

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!