Regex Extraction for WordPress Version from Apache Logs

The following Splunk search extracts the WordPress version from your Apache web logs. For fun, I also built a timechart as a 100% stacked bar chart to show, by month, each version of WordPress in use. This was actually a pretty neat display of colors to show the upgrade path of WordPress over the years! I was able to quickly see which WordPress versions stuck around for a while, and which versions were patched pretty quickly!

This query in and of itself is likely not useful, but the extraction of WordPress version should help someone!

sourcetype="access_combined" | rex "\"WordPress\/(?P<WP_version>.+?(?=;))" | where isnotnull(WP_version) | timechart span=1month count by WP_version limit=0 useother=0
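To check the extraction outside Splunk, the following added example (not part of the original post) applies the same pattern to combined-format log lines and buckets the hits by month, mirroring the timechart. The sample lines, `SAMPLE_LOG` and `versions_by_month` are constructed for illustration; the pattern matches a quoted field that begins with `WordPress/`, such as the user agent WordPress sends on its own HTTP requests.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Same pattern as the rex in the search above (Python shares the (?P<name>...) syntax).
WP_UA = re.compile(r'"WordPress/(?P<WP_version>.+?(?=;))')
# Timestamp field of the combined log format, e.g. [10/Mar/2015:13:55:36 +0000]
TS = re.compile(r'\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2015:13:55:36 +0000] "POST /wp-cron.php?doing_wp_cron HTTP/1.0" 200 0 "-" "WordPress/4.1.1; http://blog.example.com"
203.0.113.5 - - [11/Mar/2015:02:10:01 +0000] "POST /wp-cron.php?doing_wp_cron HTTP/1.0" 200 0 "-" "WordPress/4.1.1; http://blog.example.com"
198.51.100.7 - - [20/Mar/2015:08:00:12 +0000] "GET /hello-world/ HTTP/1.0" 200 5120 "-" "WordPress/3.9.2; http://other.example.net; verifying pingback from 198.51.100.7"
192.0.2.44 - - [02/Apr/2015:17:21:40 +0000] "GET / HTTP/1.1" 200 8301 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.90 - - [03/Apr/2015:09:00:00 +0000] "GET / HTTP/1.1" 200 8301 "-" "WordPress/4.0"
203.0.113.5 - - [15/May/2015:13:55:36 +0000] "POST /wp-cron.php?doing_wp_cron HTTP/1.0" 200 0 "-" "WordPress/4.2.2; http://blog.example.com"
"""

def versions_by_month(log_text):
    """Return {YYYY-MM: {version: hits}}, like timechart span=1month count by WP_version."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        ua = WP_UA.search(line)
        ts = TS.search(line)
        if not (ua and ts):
            # Same effect as: where isnotnull(WP_version).
            # The lookahead needs a ';', so "WordPress/4.0" with no ';' is dropped too.
            continue
        when = datetime.strptime(ts.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        buckets[when.strftime("%Y-%m")][ua.group("WP_version")] += 1
    return {month: dict(counts) for month, counts in buckets.items()}

if __name__ == "__main__":
    for month, counts in sorted(versions_by_month(SAMPLE_LOG).items()):
        print(month, counts)
```

The lazy match stops at the first `;`, so the longer pingback user agent still yields only the version number.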
