Hi Team,
Can you help as I want only selected url's to display in my query output.
index=dev_env sourcetype="urldata" URL ="*" LoadTime="*"| timechart span=1m eval(round(avg(LoadTime),0)) as TimeUsedtoload by URL| fields + _time "https://www.pingtest.com/Logins/Login.aspx?testid=1578&actid=21047" https://www.pingtest.com/*/testing.aspx" "https://www.othertest.com/Logins/*.aspx"
The output includes all the URL's like -
_time https://www.servermonitor/server.aspx?filetype_id=474&mode=new https://www.pingtest.com/Testdata.aspx https://www.pingtest.com/Logins/Login.aspx?testid=1578&actid=21047 and_other_multipleurls
I want to display only URL's which are like " https://www.pingtest.com/Logins/Login.aspx?testid=1578&actid=21047" " https://www.pingtest.com/Logins/Login.aspx" " https://www.othertest.com/Logins/Login.aspx?testid=1578&"
and from above which are having not null values.
@sahil237888 you should filter URLs upfront while pulling from index (Refer to documentation: https://docs.splunk.com/Documentation/Splunk/latest/Search/Quicktipsforoptimization) . So if you are interested only in specific URLs you should add them to first SPL i.e.
index=dev_env sourcetype="urldata" URL IN ("https://www.pingtest.com/Logins/Login.aspx*","https://www.othertest.com/Logins/Login.aspx*") | timechart span=1m eval(round(avg(LoadTime),0)) as TimeUsedtoload by URL
Hi
add before stats
| where ( match(URL,"https://www.pingtest.com/<rest of static URL>%) AND match(URL, "<your Second static URL>%"))
and add there as many match part as needed.r. Ismo
