3

I am trying to extract just the first IP from below events through regex -

For: ${nd:app://${namingDetails}.for.net.sh}, 4.5.3.2, 23.200.06.110 V-
For: 10.10.21.17, 5.18.11.74, 23.36.3.22 V-
For: 23.3.39.1, 21.61.39.21 V-
For: 3.3.39.1 V-

So if we consider above events, my regex should match below IP's as first_ip

4.5.3.2
10.10.21.17
23.3.39.1
3.3.39.1

Any help would be appreciated. Thanks.

this is how far i could get -> https://regex101.com/r/6K3AKX/1

(?:For:\s)?(?:For:.+)?((?<first_ip>\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))\,
The fourth bird
  • 154,723
  • 16
  • 55
  • 70
ak9092
  • 73
  • 5

1 Answers1

5

You may use this regex:

^For:\s.*?\b(?<first_ip>\d{1,3}(?:\.\d{1,3}){3})

and grab named capture group first_ip.

RegEx Details:

  • ^: Start
  • For:\S: Match For followed by a whitespace
  • .*?\b: Match 0 or more of any characters followed by a word boundary
  • (?<first_ip>\d{1,3}(?:\.\d{1,3}){3}): Match IP address in named capture group first_ip

Updated RegEx Demo

If you're using php/PCRE then use:

^For:\s.*?\K\b\d{1,3}(?:\.\d{1,3}){3}
anubhava
  • 761,203
  • 64
  • 569
  • 643
  • 1
    Thanks @anubhava. This looks perfect and works fine but just wanted to know would it be possible to ignore matching loop back ip(127.0.0.1) as i see its popping in some events like -> https://regex101.com/r/WvJ9Yn/1 – ak9092 Jan 25 '23 at 14:49
  • Yes it is possible. We can use: `^For:\s.*?\b(?!127\.0\.0\.)(?\d{1,3}(?:\.\d{1,3}){3})` – anubhava Jan 25 '23 at 15:39