Hi,
I have a bunch of failure events of different api endpoints. The field is called RequestPath and some examples are:
Basically, I am trying to extract only the endpoints without the ids, so that I can get a count of which endpoints are failing, example
How can I do the same?
Actually,
I have my request path in log as
I need to extract "/v1/locations/" from it. Similarly I have endpoint
I need to extract only "/v1/exceptions/ABS/"
So I need to ignore the last string which comes after "/" and get the same.
| rex field=RequestPath "(?<location>.*/)"
Actually,
I have my request path in log as
I need to extract "/v1/locations/" from it. Similarly I have endpoint
I need to extract only "/v1/exceptions/ABS/"
So I need to ignore the last string which comes after "/" and get the same.
So when you said you had a field called RequestPath, you meant you don't have a field called RequestPath?
Instead you meant, you have a raw event which you need to extract a field called RequestPath from, and then extract the first part (up to the last /)?
Perhaps you could share some of your actual events and identify which fields have already been extracted?
Hi,
I do have a field called RequestPath. Here are 3 different event logs.
Properties: { [-]
Host:
MachineName:
RequestId:
RequestPath: /v1/locations/41b2ee1b-145es
StatusCode: 404
}
Properties: { [-]
Host:
MachineName:
RequestId:
RequestPath: /v1/exceptions/ODD/123
StatusCode: 404
}
Properties: { [-]
Host:
MachineName:
RequestId:
RequestPath: /v2/timebuckets/A4GH-A
StatusCode: 404
}
My need is to have a count of how many errors are there for each request path without the ID(which is the last string in the endpoint after '/')
So
Something like this.
Something like
| rex field=RequestPath "^(?<endpoint>.+/)[^/]+$"
| stats count by endpoint
or, more "formal"ly,
| eval RequestPath = split(RequestPath, "/")
| eval endpoint = mvjoin(mvindex(RequestPath, 0, mvcount(RequestPath) - 1), "/")
| stats count by endpoint
Thanks. It looks like your events are partially JSON. Have you extract the RequestPath field already, or do you need some guidance on that? (If it has been done already, it might have a different name "...Properties.RequestPath for example.