Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I edit my rex field=UEI mode=sed syntax to 'district' my sample URIs?

karthi2809
Builder
‎09-26-2017 04:14 AM

As of now I am using:

rex field=URI mode=sed "s/=[^?]+/=xxx/g"

But its not working

/v1/mb/members/15d628b4-0d113-09b8ec770efd/option

/v1/mb/members/216570ce-c199-4ab9--c0cf3ddd404e/option

/v1/mb/members/36fbe9a8-882d-4a94-882561f81074/option

/v1/mb/members/4d573446-1d4f-483a-c5d64c33/option

/v1/mb/members/5cc2fa84-4b91-45bf-9c1/option

0 Karma
Reply

DalJeanis
Legend
‎09-26-2017 03:26 PM

Your current rex is telling the system to replace an =, followed by any number of things that are not ?, with xxx.

If you explain what you want it to do, then we can help you.

0 Karma
Reply

gokadroid
Motivator
‎09-26-2017 01:21 PM

can you please post sample log entries and what do u want to extract/replace from those log entries.

0 Karma
Reply

sbbadri
Motivator
‎09-26-2017 01:27 PM

rex field=URI mode=sed "s/[^?]+/xxx/g"

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...