I have field in my raw events
src = https://www.abcd.com/shop/buy-laptop/dell-200
I want to extract files product family and products. family like laptop, mobile and Products values like dell-200, LG-i20
Thanks for your time.
Try something like this:
your search here
| rex field=src "buy-(?<family>[^\/]+)\/(?<product>.+)$"
| more SPL here
This will return a field called family and product with values of laptop or mobile respectively dell-200 or LG-i20 based on your provided sample events.
Hope this helps ...
View solution in original post
Please try this run-anywhere search. Pick and choose the values you need.
| eval src = "https://www.abcd.com/shop/buy-laptop/dell-200"
[ | makeresults
| eval src= "https://www.abcd.com/shop/buy-mobile/LG-i20" ]
| rex field=src "(?<category>[^/]+)/[^/]+$"
| rex field=src "buy-(?<category_no_buy>[^/]+)/[^/]+$"
| rex field=src "(?<item>[^/]+)$"
| table src category_no_buy category item
src category_no_buy category item
https://www.abcd.com/shop/buy-laptop/dell-200 laptop buy-laptop dell-200
https://www.abcd.com/shop/buy-mobile/LG-i20 mobile buy-mobile LG-i20