Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Required Regex

SabariRajanT
Path Finder
‎08-03-2021 01:34 AM

Hi Team,

I will be getting below text randomly in logs, I need a regex for the 1st IP's separately & 2nd IP's separately . can someone please help to get it.

The user Risen Paur (risen.paur@mail.eeir) performed an impossible travel activity. The user was active from 117.202.23.200 in India and 173.205.24.222 in United States within 802 minutes.

@gcusello - Looking forward your help.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-03-2021 01:58 AM

Assuming parts of the text are static

| rex "The user was active from (?<firstip>[\d\.]+) .+ and (?<secondip>[\d\.]+) "

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-03-2021 03:00 AM

HI @SabariRajanT,

the anser of @ITWhisperer is probably the correct one, to be sure, could you share some sample of your logs?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-03-2021 01:58 AM

Assuming parts of the text are static

| rex "The user was active from (?<firstip>[\d\.]+) .+ and (?<secondip>[\d\.]+) "
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top