We are attempting to extract all of the domains below using the following regex:
DomainName=([-a-zA-Z0-9@:%.+~#=]{1,256}.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%+.~#?&//=]*))
It will pull the first domain cleanly and give us arc.msn.com, however, we do not get any other domain that is present in the field. Is there a way to tell the regex extractor to pull ALL domains?
Pipeline rule with function regex_replace should works for you:
rule "extract-DomainName"
when
has_field("field_name")
then
// replace all occurences
let fix_url = regex_replace("\\{DomainName=([-a-zA-Z0-9@:%\\.+~#=]+),RequestType=\\w+\\}", to_string($message.field_name), "$1", true);
set_field("DomainName", fix_url);
// Optionally remove field
//remove_field("field_name");
// Optionally rename one of the field
//rename_field("field_name", "URLs");
end