Solved: Re: Regex for Inputs.conf to grab hostname challen...

conner9 · ‎06-19-2012

I am trying to pull the hostname from file names, for inputs.conf. The hostname is always between the second and third set of double underscore characters the rest of the file name can be multiple groups of letters & numbers.
The hostname can be made up of letters, numbers, and/or dashes
If the hostname has dashes then there can be two, three, or four segments to the name, but it is always the total of what's between the double underscore.
There can be multiple segments to the file name, both before and after the hostname.

Example:

field____field________field__________hostname_______field.log

Thoughts?

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

View solution in original post

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

Regex for Inputs.conf to grab hostname challenge

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation