Solved: Search for a random IP then place it in a variable

tsvetan · ‎11-15-2017

Currently I have many logs in most of which there are random IPs.

2. Then to put all these IPs in a variable so I can create dashboards or reports by these.

1) I manage to achieve this like this:

index=ourindex | regex "(\b(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))\b)"

So now I have all events in which there are IPs, but how I should get these now and put them in a variable.

I guess I should use "eval" function or something else? Does macros will help here?

Any assistance will be much appreciated.

gcusello · ‎11-15-2017

Hi tsvetan,
use rex command instead regex, e.g.:

index=ourindex
| rex "(?<IP_Address>\d+\.\d+\.\d+\.\d+)"
| table _time IP_Address

in this way (modifying the regex) you can store IP in the IP_Address field and use it.

Bye.
Giuseppe

gcusello · ‎11-15-2017

Hi tsvetan,
use rex command instead regex, e.g.:

index=ourindex
| rex "(?<IP_Address>\d+\.\d+\.\d+\.\d+)"
| table _time IP_Address

in this way (modifying the regex) you can store IP in the IP_Address field and use it.

Bye.
Giuseppe

tsvetan · ‎11-15-2017

Wow thanks for the fast answer.