TLD Parser
Hello there,
I am looking to find TLDs in the logs, and I am struggling to build the right query.
| domain as domain_lookup
| parse field=domain_lookup "*.*.*" as d, tld, tld1
The issue that I am running into is that there is no way of knowing how many periods (.) there are in a domain. For example, support.sumologic.com has three. So the query above would work and TLD1 would have an output of .com. However, secure.widget.cloud.opta.net has many periods, and I won't get .net with the current query.
I was thinking about a possible parser to go from right to left and just grab from the end to the first period.
-
Hey Azriel,
That is also not working. The log is tab delimited.
| domain as domain_lookup
| parse regex field=domain_lookup "(?<tld1>[^\.]*)(?=\t)"
This search came back with www. for example, not .com
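
The right-to-left idea from the question, as an added example that is not part of the thread: rather than counting periods from the left, anchor the pattern to the end of the field so only the last label is captured, however many labels precede it. Python is used so it can be run; the function names, the sample lines and the column position are constructed for illustration.

```python
import re

# End-anchored: a dot, one label with no dot/whitespace, an optional root dot, end of string.
LAST_LABEL = re.compile(r"\.(?P<tld>[^.\s]+)\.?$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def last_label(domain):
    """Return the rightmost label of a hostname (lowercased), or None."""
    host = domain.strip()
    if IPV4.match(host):
        return None  # an IP address has no TLD
    m = LAST_LABEL.search(host)
    return m.group("tld").lower() if m else None  # single-label names give None


def tlds_from_log(lines, column):
    """Extract the last label from one column of tab-delimited log lines."""
    out = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        out.append(last_label(fields[column]) if column < len(fields) else None)
    return out


# Constructed sample lines (tab-delimited; the domain is assumed to be column 2).
SAMPLE = [
    "2024-01-01T00:00:00Z\t10.0.0.5\tsupport.sumologic.com\tA",
    "2024-01-01T00:00:01Z\t10.0.0.6\tsecure.widget.cloud.opta.net\tA",
    "2024-01-01T00:00:02Z\t10.0.0.7\tWWW.Example.ORG.\tAAAA",
    "2024-01-01T00:00:03Z\t10.0.0.8\t192.0.2.10\tA",
    "2024-01-01T00:00:04Z\t10.0.0.9\tlocalhost\tA",
]

if __name__ == "__main__":
    for line, tld in zip(SAMPLE, tlds_from_log(SAMPLE, 2)):
        print(line.split("\t")[2], "->", tld)
```

This returns the last label only; splitting at multi-label suffixes such as co.uk requires the Public Suffix List rather than a regex.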