How do I remove multiple relevant URLs from column...

Monitoring Splunk

FYI -- Red marked URLs from the attached image should be remove from the output of splunk query which I shared below ..Please someone help for the same.

Query used in environment
=====================
index=claims_pd env=pd_cloud_e sourcetype=claims:cif:ibuapps "https://" NOT "*.gco.net" NOT "*.gcoddc.net" NOT "*gco.net"
| rex field=_raw "(?<externalURL>https:\/\/.[^\s]+)"
| stats values(externalURL) as externalURL,list(ResponseMessage) as ResponseMessage, count by ServiceName
| sort 0 - count
| dedup externalURL
|append
[search sourcetype=claims:cif:ibuapps "javax.net.ssl.SSLException" OR "javax.net.ssl.SSLHandshakeException" OR "Unable to tunnel through proxy" OR "HTTP response '400: Bad Request'" OR "(504)Gateway Timeout" OR "Access is denied" AND (ServiceName OR (doFinally AND "method:handleErrorResponse"))
| stats list(ResponseMessage) as ResponseMessage, count by ServiceName
| sort - count
| return ResponseMessage]

66 KB

Get Updates on the Splunk Community!

How do I remove multiple relevant URLs from column field of splunk query output

distributed search

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

How do I remove multiple relevant URLs from column field of splunk query output

distributed search

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience