Solved: Re: Using REGEX to extract portion of a string fro...

mdeterville · ‎11-04-2020

Hi Everyone:

I'd like to extract everything after the third "/" below (starting from the left) in the url field below:

url=http://4.3.3.4/pld_accepted_business "

Note: http://4.3.3.4/ will be constant. The latter may change between pld_accepted_business or pld_accepted_non_business"

Any assistance would be greatly appreciated.

inventsekar · ‎11-04-2020

Hi @mdeterville Please check this..

| makeresults 
| eval log="url=http://4.3.3.4/pld_accepted_business" 
| rex field=log "4\/(?<StrPortion>.*)"
| table log StrPortion

inventsekar · ‎11-04-2020

Hi @mdeterville Please check this..

| makeresults 
| eval log="url=http://4.3.3.4/pld_accepted_business" 
| rex field=log "4\/(?<StrPortion>.*)"
| table log StrPortion

mdeterville · ‎11-04-2020

This works! Thanks for the quick turnaround @inventsekar!

admin12345678 · ‎11-04-2020

| makeresults
| eval url=split("http://4.3.3.4/pld_accepted_business",",")
| mvexpand url
| rex field=url ".*\/+.*\/(?<new>.*)"

Using REGEX to extract portion of a string from a field