URL Parser

Archived
Scripted lookup that creates new fields from your URL. Properly extracting things such as a TLD can be fairly complex. Created by the Splunk Security Practice team, it is a great enhancement for analyzing your DNS logs, proxy logs, or anything else that contains URLs.

The Faup add-on just needs a url field, and enriches it by prefixing the created fields with 'url_'. You can provide URLs by typing: '* | lookup faup url'.

For example, with the URL 'http://foo:bar@www.example.co.jp:1234/index.html?a=blah&b=ahah#hihi', the extracted fields are:

* url_scheme: http
* url_credential: foo:bar
* url_subdomain: www
* url_domain: example.co.jp
* url_domain_without_tld: example
* url_host: www.example.co.jp
* url_tld: co.jp
* url_port: 1234
* url_resource_path: /index.html
* url_query_string: ?a=blah&b=ahah
* url_fragment: #hihi

It was designed for the many edge cases we get in real life: IPv4/6 addresses, simple hosts (http://localhost), custom TLDs (http://foo.bar, foo.42), exceptions in TLDs (bl.uk, etc.) ...
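
The decomposition described above, as an added Python sketch that is not the add-on's own code. The tiny suffix table, the wildcard/exception handling for bl.uk and the function names are assumptions made for illustration; the output for the edge cases is this sketch's behaviour, not documented Faup output.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed miniature suffix table (assumption); real code loads the full public suffix list.
RULES = {"com", "jp", "co.jp", "*.uk"}
EXCEPTIONS = {"bl.uk"}  # registrable name that the wildcard rule would otherwise swallow

def suffix_index(labels):
    """Return the index of the first host label that belongs to the TLD."""
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in EXCEPTIONS:
            return i + 1  # exception: the TLD starts one label later
        if candidate in RULES or ".".join(["*"] + labels[i + 1:]) in RULES:
            return i
    return len(labels) - 1  # unknown or custom TLD: the last label is the TLD

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse_url(url):
    """Split a URL into url_-prefixed fields like those listed above."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    fields = {
        "url_scheme": parts.scheme,
        "url_credential": parts.netloc.rpartition("@")[0],
        "url_host": host,
        "url_port": str(parts.port) if parts.port else "",
        "url_resource_path": parts.path,
        "url_query_string": "?" + parts.query if parts.query else "",
        "url_fragment": "#" + parts.fragment if parts.fragment else "",
        "url_subdomain": "", "url_domain": host,
        "url_domain_without_tld": "", "url_tld": "",
    }
    labels = host.split(".")
    # IP literals and single-label hosts (localhost) have no TLD to split off.
    if host and not is_ip(host) and len(labels) > 1:
        i = suffix_index(labels)
        start = max(i - 1, 0)  # the registrable domain is one label left of the TLD
        fields["url_tld"] = ".".join(labels[i:])
        fields["url_domain"] = ".".join(labels[start:])
        fields["url_domain_without_tld"] = labels[start] if i > 0 else ""
        fields["url_subdomain"] = ".".join(labels[:start])
    return fields
```

For proxy or DNS log analysis the point of the split is that url_domain groups www.example.co.jp and mail.example.co.jp together, which a naive "last two labels" rule would report as co.jp.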