Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Required Regex

SabariRajanT
Path Finder
‎08-03-2021 01:34 AM

Hi Team,

I will be getting below text randomly in logs, I need a regex for the 1st IP's separately & 2nd IP's separately . can someone please help to get it.

The user Risen Paur (risen.paur@mail.eeir) performed an impossible travel activity. The user was active from 117.202.23.200 in India and 173.205.24.222 in United States within 802 minutes.

@gcusello - Looking forward your help.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-03-2021 01:58 AM

Assuming parts of the text are static

| rex "The user was active from (?<firstip>[\d\.]+) .+ and (?<secondip>[\d\.]+) "

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-03-2021 03:00 AM

HI @SabariRajanT,

the anser of @ITWhisperer is probably the correct one, to be sure, could you share some sample of your logs?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-03-2021 01:58 AM

Assuming parts of the text are static

| rex "The user was active from (?<firstip>[\d\.]+) .+ and (?<secondip>[\d\.]+) "
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

&#x1f342; Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...