I am using splunk to ingest haproxy logs. Our HAproxy forwards requests onto a number of different servers for access to various APIs. Currently I have some reports to find the average repsonse times, 95th percentile etc for these different API calls. The current reports do searches on strings for the APIs and to generate the report. The API strings are hard coded in the reports. For example here is the framework of one of the reports:

sourcetype=haproxy:http status=200 ("api1_string?" OR "api2_string?" OR "api3_string?" OR "api4_string?" ) | eval API=case(searchmatch("api1_string?"),"api1",
searchmatch("api2_string?"),"api2",
searchmatch("api3_string?"),"api3",
searchmatch("api4_string?"),"api4",
true(),"unknown")
|stats avg(rtt) as AveragePerRequest, perc95(rtt) as 95thPercentile, count as Count by API | eval AveragePerRequest=round(AveragePerRequest,2)

Ideally I could have the strings for the searchmatches and the original search created dynamically.
The field to be evaluated for the api calls is the http_request field from the haproxy log. A couple of examples of

GET /path1/API?option1=answer2&option2=answer2 HTTP/1.1
POST /path1/path2/path3/path4/API HTTP/1.1

So basically the API will be the last path in the http_request dropping the query parameters that come after the ? if there.

So is it possible to dynamically generate the list of APIs for feeding into the report?

I have reviewed quite a bit of documentation, but I have not found anything that might help with this.