Solved: Need a rex to extract an ip address with a trailin...

mark_groenveld

I would like to extract an ip address from a text field where the ip address has a trailing port number.

The text is like so: X-Upstream:"11.111.11.11:81"

The extraction would provide only the ip address.

Thanks.

ITWhisperer

| rex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?=:\d+)"

View solution in original post

ITWhisperer

| rex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?=:\d+)"

PickleRick

If I were to be nitpicky I'd say that it captures stuff like 000.999.123.987, which is not a valid IP 😉

ITWhisperer

True, but I didn't want to give away all my secrets! 😎😁

PickleRick

😁

But seriously, this solution is usually good enough unless you have a strict demand on validating the IP format in which case regex is not the best tool for the job (it can be done using regex but it's neither pretty, nor efficient).

ITWhisperer

We have used it in RegexGames although I can't remember how many came up with a solution. Yes, regex may not be "pretty", but can be fun trying to solve regex puzzles!

Need a rex to extract an ip address with a trailing port number

regex

rex

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

Need a rex to extract an ip address with a trailing port number

regex

rex

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!