Solved: Regex for Inputs.conf to grab hostname challenge

conner9 · ‎06-19-2012

I am trying to pull the hostname from file names, for inputs.conf. The hostname is always between the second and third set of double underscore characters the rest of the file name can be multiple groups of letters & numbers.
The hostname can be made up of letters, numbers, and/or dashes
If the hostname has dashes then there can be two, three, or four segments to the name, but it is always the total of what's between the double underscore.
There can be multiple segments to the file name, both before and after the hostname.

Example:

field____field________field__________hostname_______field.log

Thoughts?

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

View solution in original post

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

Regex for Inputs.conf to grab hostname challenge

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Are you a member of the Splunk Community?

Regex for Inputs.conf to grab hostname challenge

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler