This is the original message when it comes into Graylog:
02.07.2021 14:47:30 1AC8 PACKET 00000297E33EA5A0 UDP Rcv 172.16.1.166 d21a Q [0001 D NOERROR] A (3)www(10)netzperten(2)de(0)
Can I somehow extract the hostname without the numbers and brackets?
So I have an extra field like clean_hostname: www.netzperten.de
Can an extractor extract (3)www(10)netzperten(2)de(0) and replace the (0-9) with a dot?
Thanks in advance.
Hello & Welcome
I came across this post and I knew it looked familiar, like this post here.
Here are a couple more that may help you.
Hope this helps
Thanks for your effort.
Besides the shared posts, I used the YouTube videos of “Bits Byte Hard” to lay out the rules and patterns and finally got it down.
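The conversion asked about at the top of the thread, as an added Python example that is not code from any poster or from Graylog: it splits the DNS debug log line into fields and turns the length-prefixed labels into a dotted name, rejecting names whose length prefixes do not match their labels. The regex layout is inferred from the single line quoted in the thread, and the field names other than clean_hostname are assumptions.

```python
import re

# The line quoted in the thread.
SAMPLE = ("02.07.2021 14:47:30 1AC8 PACKET 00000297E33EA5A0 UDP Rcv "
          "172.16.1.166 d21a Q [0001 D NOERROR] A (3)www(10)netzperten(2)de(0)")

# Assumption: layout inferred from that one line; an optional "R" marks a response.
LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<thread>[0-9A-Fa-f]+)\s+PACKET\s+"
    r"(?P<packet_id>[0-9A-Fa-f]+)\s+(?P<proto>UDP|TCP)\s+(?P<direction>Rcv|Snd)\s+"
    r"(?P<remote_ip>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+(?P<qr>R?)\s*(?P<opcode>\S)\s+"
    r"\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<raw_name>(?:\(\d+\)[^()\s]*)+)\s*$"
)
# One "(length)label" unit, e.g. "(10)netzperten"; the closing "(0)" has an empty label.
LABEL_RE = re.compile(r"\((\d+)\)([^()]*)")


def decode_name(raw):
    """Turn '(3)www(10)netzperten(2)de(0)' into 'www.netzperten.de'.

    Returns None if the string is not a clean run of (length)label units or
    a length prefix disagrees with its label (truncated or altered line).
    Assumption: labels are plain ASCII, so length equals character count.
    """
    labels, pos = [], 0
    for m in LABEL_RE.finditer(raw):
        if m.start() != pos:          # unexpected text between units
            return None
        pos = m.end()
        length, label = int(m.group(1)), m.group(2)
        if length != len(label):      # prefix does not match the label
            return None
        if length:                    # skip the terminating (0)
            labels.append(label)
    if pos == 0 or pos != len(raw):   # nothing parsed, or trailing junk
        return None
    return ".".join(labels) or "."    # a bare "(0)" is the DNS root


def parse_line(line):
    """Return a dict of fields plus clean_hostname, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["clean_hostname"] = decode_name(fields["raw_name"])
    return fields
```

A line whose clean_hostname comes back as None still carries the raw name in raw_name, so it can be kept and flagged rather than dropped.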