FAQ: How do I extract an IP Address from the CommandLine field?
To gather a more comprehensive data profile and identify possible threats, it may be necessary to extract an IP address from the CommandLine field. To do so, use the regex() function with named capture groups; each named group (here ip and port) is extracted into a field of that name:

| regex("(?<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\:(?<port>\d{2,5})", field=CommandLine)
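The following is an added example, not part of the original FAQ and not LogScale's own code: it applies the same pattern in Python to a handful of constructed CommandLine values so you can see what the named groups capture, and it adds a post-filter that the query alone does not have. The pattern only checks that each octet is 1 to 3 digits and that the port is 2 to 5 digits, so strings such as 256.1.1.1:443 or 10.0.0.1:99999 match syntactically; the ipaddress module and a port-range check reject those. The sample events, the field name CommandLine, and the function names are assumptions made for this example.

```python
"""Extract IPv4:port pairs from CommandLine values, mirroring the LogScale regex() query."""
import ipaddress
import re

# Same pattern as the query above, using Python's (?P<name>...) named-group syntax.
# A named group becomes a key in the result, just as it becomes a field in LogScale.
IP_PORT_RE = re.compile(
    r"(?P<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}):(?P<port>\d{2,5})"
)

# Constructed sample CommandLine values (not real telemetry), keyed by the field
# name the query uses so the loop below reads like iterating over events.
SAMPLE_EVENTS = [
    {"CommandLine": "curl http://203.0.113.10:8080/update.bin -o update.bin"},
    {"CommandLine": "ssh -p 2222 admin@198.51.100.7"},               # no ip:port form -> no match
    {"CommandLine": "ping -n 4 192.0.2.1"},                          # IP without a port -> no match
    {"CommandLine": "nc 256.1.1.1:443"},                             # matches the pattern, not a valid IPv4
    {"CommandLine": "client.exe --server 10.0.0.1:99999"},           # port out of range
    {"CommandLine": "tool --peer 10.0.0.5:53 --peer 10.0.0.6:5353"}, # several matches in one field
]


def extract_ip_port(commandline: str) -> list[dict[str, str]]:
    """Raw extraction: every ip:port pair the pattern matches, as {"ip": ..., "port": ...}.

    This is exactly what the regex captures, so it inherits the pattern's looseness:
    octets are not range-checked and the port is merely 2 to 5 digits.
    """
    return [m.groupdict() for m in IP_PORT_RE.finditer(commandline)]


def extract_validated(commandline: str) -> list[dict[str, str]]:
    """Post-filter the raw matches: keep only real IPv4 addresses and ports 1-65535."""
    keep = []
    for hit in extract_ip_port(commandline):
        try:
            ipaddress.IPv4Address(hit["ip"])
        except ipaddress.AddressValueError:
            continue  # e.g. 256.1.1.1 looks like a dotted quad but is not an address
        if not 1 <= int(hit["port"]) <= 65535:
            continue
        keep.append(hit)
    return keep


def scan(events: list[dict]) -> list[dict]:
    """Enrich each event with the validated ip and port values found in its CommandLine."""
    out = []
    for ev in events:
        hits = extract_validated(ev.get("CommandLine", ""))
        out.append({**ev, "ip": [h["ip"] for h in hits], "port": [h["port"] for h in hits]})
    return out


if __name__ == "__main__":
    for row in scan(SAMPLE_EVENTS):
        print(row["CommandLine"], "->", list(zip(row["ip"], row["port"])))
```

Note that this script returns every match in a field as a list, whereas the query extracts into the named fields ip and port; if you need to catch bare addresses with no port (the ping line above), the pattern itself has to change, because the post-filter only narrows what the regex already matched.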