I want to be able to pass in a string of random IP addresses (just one long string that isnt comma separated) and return the list separated into IP addresses and Ports like this:
| IP address | Port |
|---|---|
| 237.148.51.168 | 445 |
| 208.250.127.105 | 63 |
| 154.133.47.172 | 0 |
This is my current code however I cant figure out how to identify that the new line is another value in KQL.
datatable(randomIpAddress:string)[
```237.148.51.168:445
208.250.127.105:63
154.133.47.172:0
246.249.197.54:4673
29.219.118.47:80
63.65.217.14:80
38.190.162.134:10
128.109.247.102:383
241.154.59.142:445
29.12.140.178:0```
]
| parse ipAddressList with ipAddress:string ':' port:string
| project-away ipAddressList
It currently returns:
| IP address | Port |
|---|---|
| 237.148.51.168 | 445 208.250.127.105:63 154.133.47.172:0 246.249.197.54:4673 … |
Thank you!
>Solution :
First, you will need to split() the multiline input.
Then, you can expand it using mv-expand or mv-apply for further processing.
For example:
datatable(multiline_input: string)
[
```237.148.51.168:445
208.250.127.105:63
154.133.47.172:0
246.249.197.54:4673
29.219.118.47:80
63.65.217.14:80
38.190.162.134:10
128.109.247.102:383
241.154.59.142:445
29.12.140.178:0```
]
| mv-apply ip_address = split(multiline_input, "\r\n") to typeof(string) on (
parse ip_address with ip_address: string ':' port: string
)
| project ip_address, port
| ip_address | port |
|---|---|
| 237.148.51.168 | 445 |
| 208.250.127.105 | 63 |
| 154.133.47.172 | 0 |
| 246.249.197.54 | 4673 |
| 29.219.118.47 | 80 |
| 63.65.217.14 | 80 |
| 38.190.162.134 | 10 |
| 128.109.247.102 | 383 |
| 241.154.59.142 | 445 |
| 29.12.140.178 | 0 |