Forum Discussion
KQL to extract URL from TI Feeds
Hello, I need some help to extract a specific field (URL) from URL Haus Database. Example "3430907","2025-02-07 11:02:07","http://chmod0777kk.com/main","online","2025-02-07 11:02:07","malware_down...
or
let url_ = '"3430907","2025-02-07 11:02:07","http://chmod0777kk.com/main","online","2025-02-07 11:02:07","malware_download","elf","https://urlhaus.abuse.ch/url/3430907/","anonymous"';
print url_
// assumes that HTTP is always in the 3 column (counting from 0)
// trim is used to removed any " in the column
| extend http_ = trim(@"[^\w]+",tostring(split(url_,',')[2]))
