Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do i get the url without params

mikeyty07
Communicator
‎06-29-2021 05:16 PM

I am trying to make a report based on the url, and avg response that certain url is taking. I am able to get the logs but wanted specifically without the params so i can have how many response time certain url is making. Below is the sample eg:
I can see the data like this but it creates multiple data
https://abc-google.com/ABC/abc/1234/abc

like this and i want only data from one url 

https://abc-google.com/ABC/abc/1342/abc

which could remove the params and show something like this

https://abc-google.com/ABC/abc/{num}/abc

there are many url like this 

https://abc-google.com/CDE/abc/cde/abc/cde/111

Is it possible to get all the data without params and have average response time on it?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 06:49 PM

@mikeyty07 naming the fields as url, Id, resp_time. Can you try following query?

<your_dbquery_goes_here> 
| stats values(url) as urls, avg(resp_time) as avg_time, max(resp_time) as max_time ,count by Id

---

An upvote would be appreciated and Accept solution if it helps!

View solution in original post

Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 05:48 PM

@mikeyty07 That might work can  you post samples of ID's how they looks like?

0 Karma
Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 06:02 PM

https://abc-google.com/ABC/abc/1342/abc  ID-- getABC

https://abc-google.com/CDE/abc/cde/abc/cde/111   ID--postCDE
something like these

0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 06:07 PM

@mikeyty07  regex might not work can you post exact event samples, you can mask critical info when you post it. more the samples its better!

0 Karma
Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 06:29 PM

i am actually searching dbquery so it wont show raw events but shows only stats 

https://abc.com/abc/api/cachepostApiCache13
https://abc.com/abc-tracktrack549
https://abc.com/bbc/api/apicapostCache15
https://abc.com/til/api/apiApiPOST14
https://abc.com:443/efghefgs382
0 Karma
Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 06:49 PM

@mikeyty07 naming the fields as url, Id, resp_time. Can you try following query?

<your_dbquery_goes_here> 
| stats values(url) as urls, avg(resp_time) as avg_time, max(resp_time) as max_time ,count by Id

---

An upvote would be appreciated and Accept solution if it helps!

Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 07:25 PM

Thank you!! this works perfectly

0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-29-2021 05:41 PM

Hi @mikeyty07 

Unless you have all list of all url's and what's the dynamic portion/params of eacjh url it's really hard achieving your  requirement. if you have that list  | rex mode=sed  is the way to replace dynamic portion to something like {param} and apply stats on top of it to gather avg etc..

---

An upvote would be appreciated if it helps!

Tags (1)
0 Karma
Reply
Solved! Jump to solution

mikeyty07
Communicator
‎06-29-2021 05:47 PM

how about if there is ID name(which is one unique name), instead of the url(because it contains other params as well for the same url) and based on the ID it display the avg time for other IDs as well with url displaying only params in it for other unique IDs  as well?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top