Certainly, but that is not what you want. If the name is within .co.uk you want to include the third level name. For some TLDs there is a set of second level names used for labelling, but they also accept registrations at the second level. So the regexp is going to get complicated. I think this handles most of .uk and .dz (Algeria) correctly, you would have to expand it to include other countries.
By using [^.]+ for names it has at least a chance of working with i18n DNS. For example, for ουτοπία.δπθ.gr is OK, it matches δπθ.gr
Overall I think trying to build a regexp that encapsulates the policies of dozens of different registrars is a losing game. A slightly less bad approach would be to use multiple groks...
if [someField] =~ /(\.(art|asso|com|edu|gov|net|org|pol|tm|soc).dz|(ac|co|gov|judiciary|ltd|me|mod|net|nhs|nic|org|parliament|plc|police|royal|sch)\.uk)$/ {
grok { match => { "someField" => "[^.]+\.[^.]+\.[^.]+$" } }
} else {
grok { match => { "someField" => "[^.]+\.[^.]+$" } }
}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.