How do I remove multiple relevant URLs from column...

Monitoring Splunk

FYI -- Red marked URLs from the attached image should be remove from the output of splunk query which I shared below ..Please someone help for the same.

Query used in environment
=====================
index=claims_pd env=pd_cloud_e sourcetype=claims:cif:ibuapps "https://" NOT "*.gco.net" NOT "*.gcoddc.net" NOT "*gco.net"
| rex field=_raw "(?<externalURL>https:\/\/.[^\s]+)"
| stats values(externalURL) as externalURL,list(ResponseMessage) as ResponseMessage, count by ServiceName
| sort 0 - count
| dedup externalURL
|append
[search sourcetype=claims:cif:ibuapps "javax.net.ssl.SSLException" OR "javax.net.ssl.SSLHandshakeException" OR "Unable to tunnel through proxy" OR "HTTP response '400: Bad Request'" OR "(504)Gateway Timeout" OR "Access is denied" AND (ServiceName OR (doFinally AND "method:handleErrorResponse"))
| stats list(ResponseMessage) as ResponseMessage, count by ServiceName
| sort - count
| return ResponseMessage]

66 KB

Get Updates on the Splunk Community!

How do I remove multiple relevant URLs from column field of splunk query output

distributed search

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Join the Conversation