Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do i get the url without params

mikeyty07
Communicator
‎06-29-2021 05:16 PM

I am trying to make a report based on the url, and avg response that certain url is taking. I am able to get the logs but wanted specifically without the params so i can have how many response time certain url is making. Below is the sample eg:
I can see the data like this but it creates multiple data
https://abc-google.com/ABC/abc/1234/abc

like this and i want only data from one url 

https://abc-google.com/ABC/abc/1342/abc

which could remove the params and show something like this

https://abc-google.com/ABC/abc/{num}/abc

there are many url like this 

https://abc-google.com/CDE/abc/cde/abc/cde/111

Is it possible to get all the data without params and have average response time on it?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 06:49 PM

@mikeyty07 naming the fields as url, Id, resp_time. Can you try following query?

<your_dbquery_goes_here> 
| stats values(url) as urls, avg(resp_time) as avg_time, max(resp_time) as max_time ,count by Id

---

An upvote would be appreciated and Accept solution if it helps!

View solution in original post

Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 05:48 PM

@mikeyty07 That might work can  you post samples of ID's how they looks like?

0 Karma
Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 06:02 PM

https://abc-google.com/ABC/abc/1342/abc  ID-- getABC

https://abc-google.com/CDE/abc/cde/abc/cde/111   ID--postCDE
something like these

0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 06:07 PM

@mikeyty07  regex might not work can you post exact event samples, you can mask critical info when you post it. more the samples its better!

0 Karma
Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 06:29 PM

i am actually searching dbquery so it wont show raw events but shows only stats 

https://abc.com/abc/api/cachepostApiCache13
https://abc.com/abc-tracktrack549
https://abc.com/bbc/api/apicapostCache15
https://abc.com/til/api/apiApiPOST14
https://abc.com:443/efghefgs382
0 Karma
Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 06:49 PM

@mikeyty07 naming the fields as url, Id, resp_time. Can you try following query?

<your_dbquery_goes_here> 
| stats values(url) as urls, avg(resp_time) as avg_time, max(resp_time) as max_time ,count by Id

---

An upvote would be appreciated and Accept solution if it helps!

Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 07:25 PM

Thank you!! this works perfectly

0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 05:41 PM

Hi @mikeyty07 

Unless you have all list of all url's and what's the dynamic portion/params of eacjh url it's really hard achieving your  requirement. if you have that list  | rex mode=sed  is the way to replace dynamic portion to something like {param} and apply stats on top of it to gather avg etc..

---

An upvote would be appreciated if it helps!

Tags (1)
0 Karma
Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 05:47 PM

how about if there is ID name(which is one unique name), instead of the url(because it contains other params as well for the same url) and based on the ID it display the avg time for other IDs as well with url displaying only params in it for other unique IDs  as well?

0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...
Top