I have a field that includes IP and Port (i.e. 0.0.0.0:1234) and I want to split them into separate fields for further analysis. What’s the best way to do that?
Use the Regex Extract function:
(?<ip>[^:]+):(?<port>\d+)
(the edit: button isn't working for me? so making an expanded post)
One way would be to use the REGEX extract and for the REGEX use something similar to (?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(?<port>\d{1,5}) (there are other ways to do this obviously which are more strict/validating, but this should do fine for most)
Also you could use a split function on eval.
name|value expression:
ipaddress | nameOfCombinedField.split(':')[0]
port | nameOfCombinedField.split(':')[1]
The Eval function was exactly what I needed.
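An added example, not part of the posts above: a stricter JavaScript version of the same split that checks octet and port ranges and handles bracketed IPv6 literals, where `split(':')[1]` returns the wrong piece. The function name `splitIpPort` and the sample values are constructed for illustration.

```javascript
// Added example: validate and split "ip:port" values. All sample inputs are constructed.
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function isIPv4(s) {
  const m = IPV4.exec(s);
  // Each octet must be in 0..255; \d{1,3} alone would accept 999.
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

// Returns { ip, port } or null when the value is not a valid ip:port pair.
function splitIpPort(value) {
  if (typeof value !== 'string') return null;
  let ip;
  let portText;
  if (value.startsWith('[')) {
    // Bracketed IPv6 literal such as [2001:db8::1]:443.
    // A plain split(':')[1] on this input would yield "db8", not the port.
    const end = value.indexOf(']:');
    if (end === -1) return null;
    ip = value.slice(1, end);
    portText = value.slice(end + 2);
    if (!/^[0-9a-fA-F:.]+$/.test(ip) || !ip.includes(':')) return null;
  } else {
    // IPv4: the port follows the last colon.
    const idx = value.lastIndexOf(':');
    if (idx === -1) return null;
    ip = value.slice(0, idx);
    portText = value.slice(idx + 1);
    if (!isIPv4(ip)) return null;
  }
  if (!/^\d{1,5}$/.test(portText)) return null;
  const port = Number(portText);
  if (port > 65535) return null; // \d{1,5} alone would accept 70000
  return { ip, port };
}

const samples = [
  '0.0.0.0:1234',
  '[2001:db8::1]:443',
  '999.1.1.1:80',
  '10.0.0.5:70000',
  '10.0.0.5',
];
for (const s of samples) {
  console.log(s, '->', JSON.stringify(splitIpPort(s)));
}
```

Events for which the function returns null can be routed or tagged separately instead of carrying a half-parsed address into later analysis.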