Hi Base,
could it be that Regexes in Field Transforms are not greedy?
I am using this field transformation to extract sld.tld from hostnames:
[hostname_query_sub1]
CLEAN_KEYS = 1
MV_ADD = 0
SOURCE_KEY = querystring1
REGEX = ([^\.]+\.[^\.]+\.[^\.]+)
FORMAT = t2d::$1
Which gives these results: 1.2.3.4.in-addr.arpa -> 1.2.3 subdomain.subdomain.sld.tld -> subdomain.subdomain.sld
Using REGEX = ([^\.]+\.[^\.]+\.[^\.]+)$ works as intended:
1.2.3.4.in-addr.arpa -> 4.in-addr.arpa
subdomain.subdomain.sld.tld -> subdomain.sld.tld
Shouldn't the expression match to the end of the string even without "$"?