Split the address field with regular

WXY · ‎11-06-2018

I want to use rex to get a field value.
Now I have a field named URL
Some data such as :

http://10.2.3.44:8080
http://1.3.2.55:8011/Login.aspx
https://wwx.ff-ac.com/login
https://192.443.67.91:8044/bs_y/index.jsp
http://rr-ww.ff-ac.com/rr_platform_ww/ayyu
 https://t.ff-ac.com/ipi/IP_A/login.do?p=I_log

But I just want to get such as

http://10.2.3.44:8080
 http://1.3.2.55:8011
 https://wwx.ff-ac.com
 https://192.443.8.91:8044
 http://rr-ww.ff-ac.com
 https://t.ff-ac.com

The above data is written randomly according to my data.

That is to say I only hope to get [http|https]://IP:port OR [http|https]://domain

What should I do?

gokadroid · ‎11-06-2018

Lets say your url data is in field called URL then you can try below to get the required data in a field called myRequiredData:

your query to return URL field
| rex field=URL "(?<myRequiredData>(http(s)*:\/\/)[^\/\s]+)"
| table URL, myRequiredData

See the regex reference here

Split the address field with regular

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability