Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

need rex help

vikram1583
Explorer
‎03-01-2020 05:24 PM

in my event i want to extract TLD's

i want to extract:
com
news
tech
net
org

please help me with rex?
thanks in advance

Tags (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎03-03-2020 12:45 AM

URL Toolbox: https://splunkbase.splunk.com/app/2734/

0 Karma
Reply

sumanssah
Communicator
‎03-02-2020 11:12 AM

Try this 

(?<TLD>\.\w+?)(?:$|\/)
0 Karma
Reply

to4kawa
Ultra Champion
‎03-02-2020 06:56 AM 
rex field=your_field "(?<TLD>com|news|tech|net|org)"
0 Karma
Reply

manjunathmeti
Champion
‎03-02-2020 06:15 AM

Hi @vikram1583,

Try this:

| rex "\w*\.(?<tld>[a-z]+)$"
0 Karma
Reply

vikram1583
Explorer
‎03-02-2020 10:53 AM

not working

0 Karma
Reply

to4kawa
Ultra Champion
‎03-02-2020 01:10 PM

not working
hec? what is "TLD" you say?

0 Karma
Reply

manjunathmeti
Champion
‎03-02-2020 11:05 AM

Please share some raw data.

0 Karma
Reply

efavreau
Motivator
‎03-02-2020 06:07 AM

@vikram1583 What do your logs look like? Are you extracting from fields that already identified websites or email addresses or do you have a mess in your logs that you need to identify the pattern first and then the TLD? Are these URL's fully qualified, like https://www.example.com/, or are the more like example.com? Do they end at the TLD, or continue with parameters/directories/etc.? Details and a log sample will go a long way in people being able to help you efficiently.

###

If this reply helps you, an upvote would be appreciated.
0 Karma
Reply

efavreau
Motivator
‎03-02-2020 01:21 PM

@vikram1583 I maintain that this will go better with more details and a log sample. Please edit your question with a sample log (scrub for anything sensitive). Some of these proposed solutions aren't successful against patterns such as:
https://answers.splunk.com/answers/806969/need-rex-help.html (where the valid TLD is com)
www.example.wanggou (where the valid TLD would be wanggou)
etc.

###

If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...