Solved: Regex for Inputs.conf to grab hostname challenge

conner9 · ‎06-19-2012

I am trying to pull the hostname from file names, for inputs.conf. The hostname is always between the second and third set of double underscore characters the rest of the file name can be multiple groups of letters & numbers.
The hostname can be made up of letters, numbers, and/or dashes
If the hostname has dashes then there can be two, three, or four segments to the name, but it is always the total of what's between the double underscore.
There can be multiple segments to the file name, both before and after the hostname.

Example:

field____field________field__________hostname_______field.log

Thoughts?

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

View solution in original post

lguinn2 · ‎06-19-2012

Try this

host_regex =__((?:[a-zA-Z0-9]|-)+)__

Which says "use the string between the double-underscores, if that string consists only of any combination of letters, numbers and dashes"

Regex for Inputs.conf to grab hostname challenge

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Regex for Inputs.conf to grab hostname challenge

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey