Forum Discussion
Preben902
Oct 23, 2019
Copper Contributor
Kusto regex for extracting IP addresses
In my AzureDiagnostics for my ResourceType "AzureFirewalls", there's a column named "msg_s". It contains information about IP addresses trying to request access to another address. Examples inclu...
zachedwards
Microsoft
Oct 24, 2019
Preben902 Here's a basic pattern. It doesn't check for valid IP addresses; for this use case that shouldn't matter.
print extract_all("request from (?P<from>.+?)(?: to (?P<to>.+))?\\. Action: (?P<action>[^.]+)","HTTPS request from 198.192.100.10:10500. Action: Deny. Reason: SNI TLS extension was missing")
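The following is an added example, not part of the original answer: it applies the same pattern to a small table, splits each endpoint into address and port, and flags source addresses that are not valid IPv4. The second and third messages and all output column names are constructed for illustration, and the split on ":" assumes IPv4 endpoints.

```kusto
// Constructed sample rows; only the first message is the one quoted in the answer above.
datatable(msg_s: string) [
    "HTTPS request from 198.192.100.10:10500. Action: Deny. Reason: SNI TLS extension was missing",
    "TCP request from 10.0.0.4:51234 to 203.0.113.7:443. Action: Allow",
    "TCP request from 999.1.1.1:80 to 203.0.113.7:443. Action: Deny"
]
// Same pattern as in the answer, written as a verbatim string so "\." needs no doubling.
// extract_all() returns one inner array per match, with the capture groups in order.
| extend m = extract_all(@"request from (?P<from>.+?)(?: to (?P<to>.+))?\. Action: (?P<action>[^.]+)", msg_s)
| extend src = tostring(m[0][0]), dst = tostring(m[0][1]), action = tostring(m[0][2])
// Split "address:port" (assumption: IPv4 endpoints; an IPv6 literal would need different handling).
| extend src_ip = tostring(split(src, ":")[0]), src_port = toint(split(src, ":")[1])
| extend dst_host = tostring(split(dst, ":")[0]), dst_port = toint(split(dst, ":")[1])
// parse_ipv4() yields null when the string is not a valid IPv4 address,
// which covers the validation the pattern itself does not perform.
| extend src_ip_valid = isnotnull(parse_ipv4(src_ip))
| project src_ip, src_port, src_ip_valid, dst_host, dst_port, action
```

Rows where the message has no " to ..." part come back with an empty dst_host and a null dst_port rather than being dropped.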