Solved: Extracting domain name from URL

pjtbasu · ‎09-10-2020

Hi,

I've a field with name URL and values are like this --

https://community.splunk.com/t5/forums/postpage/21321231312331112/id
http://www.google.com/search?rlz=1C1GCEA_enU

I need to extract it like this (it can be http or https and it can be other tld too)-

https://community.splunk.com
http://www.google.com

So basically need a rex like this - parta://partb/Ignorable_strings and then I'll concatenate parta and partb fields to get desired result. Someone please help.

thambisetty · ‎09-10-2020

| rex field=url "^(?<main_domain>\w+\:\/\/[^\/]+)"

output will be extracted to new field called main_domain

if you need parta and partb and igorable_strings use below:

| rex field=url "^(?<parta>\w+)\:\/\/(?<partb>[^\/]+)\/(?<ignorable_strings>.*)"

————————————
If this helps, give a like below.

View solution in original post

pjtbasu · ‎09-13-2020

Thank you!

Possible for you to explain the parts of first regex like how it is working ? Are you aware of any specific documentation which will help me understand/learn complex splunk regex ?

thambisetty · ‎09-13-2020

https://www.youtube.com/watch?v=LoiyiCVGLnw

————————————
If this helps, give a like below.

thambisetty · ‎09-10-2020

| rex field=url "^(?<main_domain>\w+\:\/\/[^\/]+)"

output will be extracted to new field called main_domain

if you need parta and partb and igorable_strings use below:

| rex field=url "^(?<parta>\w+)\:\/\/(?<partb>[^\/]+)\/(?<ignorable_strings>.*)"

————————————
If this helps, give a like below.

Extracting domain name from URL

regex

rex

Get ready to show some Splunk Certification swagger at .conf24!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...