How to extract IP addresses from log with perl one-liner?

Extracting IP addresses from log files is a common task that Perl one-liners excel at. Perl's powerful regex engine and command-line options make it ideal for quick text processing without writing full scripts.

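The most straightforward approach uses the -n flag (which wraps your code in a while loop) combined with a regex pattern that matches IPv4 addresses. The script below applies that pattern to sample log lines in an explicit loop so the output can be shown: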

#!/usr/bin/perl
use strict;
use warnings;

# Simulating log file content
my @log_lines = (
    '192.168.1.100 - - [01/Jan/2024:10:15:30] "GET /index.html"',
    'Connection from 10.0.0.50 established',
    'Error: timeout connecting to 172.16.254.1',
    '2024-01-01 12:00:00 Request from 203.0.113.45',
    'Invalid request from 256.300.400.500',  # Invalid IP
);

print "Extracted IP addresses:\n";
for my $line (@log_lines) {
    # Match IPv4 addresses (basic pattern)
    if ($line =~ /\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/) {
        print "$1\n";
    }
}

Common One-Liner Patterns

In actual shell usage, you'd typically use one of these formats:

  • perl -nle 'print $1 if /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/' logfile.txt - Basic extraction
  • perl -nle 'print $& while /\b(\d{1,3}\.){3}\d{1,3}\b/g' logfile.txt - Multiple IPs per line
  • perl -nle 'print $1 if /(\d+\.\d+\.\d+\.\d+)/' logfile.txt - Shorter pattern

Understanding the Regex

The pattern \b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b breaks down as:

  • \b - Word boundary to avoid matching partial numbers
  • \d{1,3} - Matches 1-3 digits
  • \. - Escaped literal dot
  • ( ) - Capturing group stored in $1

Command-Line Flags

  • -n - Wraps code in while (<>) { ... } loop
  • -l - Auto-chomps input and adds newline to print
  • -e - Execute code inline

Important Gotchas

The basic pattern matches invalid IPs like 999.999.999.999. For strict validation, use a more complex regex that checks each octet is 0-255, or use the Regexp::Common module. However, for quick log parsing, the simple pattern usually suffices since logs typically contain valid IPs.

To extract all IPs from a line (not just the first), add the /g modifier and use while instead of if.

Verified Code

Executed in a sandbox to capture real output. • v5.34.1 • 12ms

STDOUT
Extracted IP addresses:
192.168.1.100
10.0.0.50
172.16.254.1
203.0.113.45
256.300.400.500
STDERR
(empty)
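
The two points under Important Gotchas (checking each octet is 0-255, and using /g to get every address on a line) combined into one script that also counts how often each address appears. This is an added example, not part of the original page; the sample lines are constructed, and the extract_ips helper name and the choice to reject leading zeros and longer dotted runs such as 1.2.3.4.5 are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One octet, 0-255, no leading zeros (assumption: "010" is not accepted).
my $octet = qr/(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/;

# Four octets that are not part of a longer run of digits and dots,
# so "256.300.400.500" and "1.2.3.4.5" yield nothing, while a
# sentence-ending dot after an address is still allowed.
my $ipv4 = qr/(?<!\d)(?<!\d\.)$octet(?:\.$octet){3}(?!\d|\.\d)/;

# Return every valid IPv4 address in a line, in order of appearance.
# (Hypothetical helper name, introduced for this example.)
sub extract_ips {
    my ($line) = @_;
    return $line =~ /($ipv4)/g;
}

# Constructed sample lines, not taken from a real log.
my @log_lines = (
    '192.168.1.100 - - [01/Jan/2024:10:15:30] "GET /index.html"',
    'Connection from 10.0.0.50 established',
    'Proxy 10.0.0.50 forwarded request for 203.0.113.45',
    'Error: timeout connecting to 172.16.254.1.',
    'Invalid request from 256.300.400.500',
    'Agent build 1.2.3.4.5 started',
);

# Count occurrences of each address across all lines.
my %count;
$count{$_}++ for map { extract_ips($_) } @log_lines;

# Most frequent first, ties broken by address string.
for my $ip (sort { $count{$b} <=> $count{$a} || $a cmp $b } keys %count) {
    printf "%-15s %d\n", $ip, $count{$ip};
}
```

To run it against a real file, replace the @log_lines loop with a while (<>) loop and pass the log path as an argument.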