Any Regex Guru?

Posted 13th Apr
I would like to extract Time, URL and Source IP from sample log below from my Pi Hole.

<133>Apr 13 13:51:40 pi pihole Apr 13 00:52:31 dnsmasq[3916]: query[A] hotukdeals.com from 192.168.1.230

Time - Apr 13 13:51:40
URL - hotukdeals.com (only those after "query[A]")
Source IP - 192.168.1.230

Could someone write a regex for me? Thanks in advance.
2 Comments
Something like this should give you what you want. I'm on my phone, so I'm not 100% sure, but it should be close enough.

(\d{2}:\d{2}:\d{2}).+\[A\]\s([^\s]+)\sfrom\s([^\s]+)


https://regex101.com/r/UquNj1/1
tra1nor, 13/04/2020 18:49
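As an added example (my code, not tra1nor's and not part of the original thread), here is the pattern above with plain numbered capture groups run over a few constructed log lines modelled on the one in the question. The extra AAAA and "forwarded" lines, the function name and the sample values are my assumptions; they are there to show that only query[A] lines match and that group 1 picks up the syslog header time, not dnsmasq's own timestamp.

```python
import re
from ipaddress import ip_address

# Constructed sample lines modelled on the one in the question (not real Pi-hole output).
# Line 2 is an AAAA query and line 3 is a "forwarded" line; neither should match.
SAMPLE_LOG = """\
<133>Apr 13 13:51:40 pi pihole Apr 13 00:52:31 dnsmasq[3916]: query[A] hotukdeals.com from 192.168.1.230
<133>Apr 13 13:51:41 pi pihole Apr 13 00:52:32 dnsmasq[3916]: query[AAAA] hotukdeals.com from 192.168.1.230
<133>Apr 13 13:51:41 pi pihole Apr 13 00:52:32 dnsmasq[3916]: forwarded hotukdeals.com to 1.1.1.1
<133>Apr 13 13:51:42 pi pihole Apr 13 00:52:33 dnsmasq[3916]: query[A] ads.example.net from 192.168.1.77
"""

# The reply's pattern with numbered groups: 1 = first hh:mm:ss on the line (the syslog
# header time), 2 = the queried name after "[A] ", 3 = the client IP after "from ".
# "\[A\]" only matches the literal "[A]", so "query[AAAA]" lines are skipped.
PIHOLE_A_QUERY = re.compile(r"(\d{2}:\d{2}:\d{2}).+\[A\]\s([^\s]+)\sfrom\s([^\s]+)")


def extract_a_queries(log_text):
    """Return (time, queried_name, client_ip) for every query[A] line in log_text.

    Lines that do not match, or whose third group is not a valid IP address,
    are skipped rather than raising, so one odd line does not stop the run.
    """
    results = []
    for line in log_text.splitlines():
        m = PIHOLE_A_QUERY.search(line)
        if not m:
            continue
        time_, name, client = m.group(1), m.group(2), m.group(3)
        # Sanity check: if group 3 is not an IP the pattern matched something unexpected.
        try:
            ip_address(client)
        except ValueError:
            continue
        results.append((time_, name, client))
    return results


if __name__ == "__main__":
    for row in extract_a_queries(SAMPLE_LOG):
        print(row)
```

Group 1 matches the first hh:mm:ss on the line, which in the sample is the syslog header time (13:51:40) rather than dnsmasq's own 00:52:31, which is what the question asked for. In a SIEM custom property that takes a regex plus a capture-group number, this form gives the time as group 1, the queried name as group 2 and the client IP as group 3. If a tool reports an illegal escape when the pattern is pasted in, the first thing to check is that the backslashes in "\[A\]", "\s" and "\d" arrived intact and were not doubled or stripped by the tool's own escaping.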

@tra1n0r thanks for your help, mate. I am new to this regex extraction in logs.
Basically I would like to extract URL and source IP field in QRadar SIEM.

I tried your expression with capture group "$1", but it errors out saying "Illegal escape sequence in regex".

Could you help, please?