Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

TLD Extraction for Report

TucoRameriz
Explorer
‎04-16-2013 08:04 AM

I'm looking at creating a report that extracts suspicious TLDS over a period of time such as, as past six hours, or past twelve hours etc. Some of the TLD that I want to look at would be .ru, .ua or double like .rr.nu or cz.cc.

I'm looking for a good way to extract the TLD from the URL and display that in a chart. I've seen a few regex's floating around but haven't had much luck modifying them into what I want to do.

Thanks in advance

Tags (2)
Reply

Dallastek
Explorer
‎08-03-2015 11:03 AM

I am trying to use a erex with several examples to do the same thing.
http://docs.splunk.com/Documentation/Splunk/4.1.5/SearchReference/Erex

0 Karma
Reply

Dallastek
Explorer
‎08-03-2015 11:08 AM

Try using this regex | rex "(?i)(?P.\w+)\d+.\w+\s+\d+\s+(?:/[^/]*){4}"

0 Karma
Reply

phudinhha
Explorer
‎07-15-2015 01:41 PM

Does anyone have the answer for this question? I'm looking for the same thing.

0 Karma
Reply

veryous
Engager
‎07-30-2013 01:55 PM

Looking for the same answer to this too.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...