Extract the hostname

Hi There

this is the Original message when they come into Graylog:
02.07.2021 14:47:30 1AC8 PACKET 00000297E33EA5A0 UDP Rcv 172.16.1.166 d21a Q [0001 D NOERROR] A (3)www(10)netzperten(2)de(0)

can I somehow extract the hostname without the numbers and brackets?
so I have a extra field like clean_hostname: www.netzperten.de

can a extractor extract (3)www(10)netzperten(2)de(0) and replaces the (0-9) with a dot?

thanks in advance

Hello & Welcome

I came across this post and I knew it looked familiar like this post here

Here are a couple more that may help you.

Hope this helps

1 Like

Thanks for your effort.
Besides the shared posts, I used the YouTube videos of “Bits Byte Hard” to lay out the rules and patterns and finally got it down.

1 Like

Nice, Glad it helped.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.