I have field in my raw events
src = https://www.abcd.com/shop/buy-laptop/dell-200
src= https://www.abcd.com/shop/buy-mobile/LG-i20
I want to extract files product family and products. family like laptop, mobile and Products values like dell-200, LG-i20
Thanks for your time.
Hi sandeepmakkena,
Try something like this:
your search here
| rex field=src "buy-(?<family>[^\/]+)\/(?<product>.+)$"
| more SPL here
This will return a field called family
and product
with values of laptop
or mobile
respectively dell-200
or LG-i20
based on your provided sample events.
Hope this helps ...
cheers, MuS
Hi sandeepmakkena,
Try something like this:
your search here
| rex field=src "buy-(?<family>[^\/]+)\/(?<product>.+)$"
| more SPL here
This will return a field called family
and product
with values of laptop
or mobile
respectively dell-200
or LG-i20
based on your provided sample events.
Hope this helps ...
cheers, MuS
Greetings @sandeepmakkena,
Please try this run-anywhere search. Pick and choose the values you need.
| makeresults
| eval src = "https://www.abcd.com/shop/buy-laptop/dell-200"
| append
[ | makeresults
| eval src= "https://www.abcd.com/shop/buy-mobile/LG-i20" ]
| rex field=src "(?<category>[^/]+)/[^/]+$"
| rex field=src "buy-(?<category_no_buy>[^/]+)/[^/]+$"
| rex field=src "(?<item>[^/]+)$"
| table src category_no_buy category item
Output:
src category_no_buy category item
https://www.abcd.com/shop/buy-laptop/dell-200 laptop buy-laptop dell-200
https://www.abcd.com/shop/buy-mobile/LG-i20 mobile buy-mobile LG-i20