About CyberWolf

CyberWolf

Yap it makes since now, it worked thanks!

CyberWolf

its a good idea, but in my case i don't know what domains they will be in the _raw, so i cant predict the list. Some events have one domain and it captured but the next event has 5, next will have 12 and each event has different domains on the raw.

CyberWolf

I have an SPLQ that im trying to collect all domains from a raw logs, but my regex is capturing only one domain. in a single event, some events have one url some of them have 20 and more, how do i capture all domains, please advice? SPLQ .............. | rex field=_raw "(?<domain>\w+\.\w+)\/" | rex field=MessageURLs "\b(?<domain2>(?:http?://|www\.)(?:[0-9a-z-]+\.)+[a-z]{2,63})/?" | fillnull value=n/a | stats count by domain domain2 MessageURLs _raw

CyberWolf

Thanks Everyone for fast response!

CyberWolf · ‎10-23-2024

It worked! thank you!

CyberWolf · ‎10-23-2024

I'm using cmd |iplocation src, and the results produce results for the City. Next i want to compare each City and report when results is different. Example when result for a City is Miami and next hour or so in the same field for the City is Boston.

Posts	6
Solutions	0
Karma Given	6
Karma Received	2
Member Since	‎10-23-2024

Online Status	Offline
Date Last Visited	Monday

Multiple Domains

Compare results from same field

Re: Multiple Domains

Re: Multiple Domains

Multiple Domains

Re: Compare results from same field

Re: Compare results from same field

Compare results from same field