How to create a regex that gives the count, if the...

sanvica · ‎03-30-2022

Hi Experts,

I have an issue with the search string, I have a url text like below and I need to filter that out using regex. I am not able to create a regex that would give the count if the url string has two question mark symbols, not consecutive though.

/shop/us/aabc-abc-aaa?filtered=true&rows=240&start=0&facet=ads_f42001_ntk_cs:(%22aaa-Babbab%22)&cmp=DIS:SPR22:HCo:M:US:PSP:TT:X:X:X:JEANS:X:JEAN:X:JanWk4AABBBs15s

Thanks

yuanliu · ‎03-31-2022

To count how many occurrences, use mvcount

| rex field=url max_match=0 "\?(?<param>[^?]+)"
| eval qcount = mvcount(param)

e.g., url="/shop/us/aabc-abc-aaa?filtered=true&rows=240&start=0&facet=ads_f42001_ntk_cs:(%22aaa-Babbab%22)&cmp=DIS:SPR22:HCo:M:US:PSP:TT:X:X:X:JEANS:X:JEAN:X:JanWk4AABBBs15s" gives

param	qcount	url
filtered=true&rows=240&start=0&facet=ads_f42001_ntk_cs:(%22aaa-Babbab%22)&cmp=DIS:SPR22:HCo:M:US:PSP:TT:X:X:X:JEANS:X:JEAN:X:JanWk4AABBBs15s	1	/shop/us/aabc-abc-aaa?filtered=true&rows=240&start=0&facet=ads_f42001_ntk_cs:(%22aaa-Babbab%22)&cmp=DIS:SPR22:HCo:M:US:PSP:TT:X:X:X:JEANS:X:JEAN:X:JanWk4AABBBs15s

whereas url="/shop/us/aabc-abc-aaa?filtered=true&rows=240&start=0&facet=ads_f42001_ntk_cs:(%22aaa-Babbab%22)?cmp=DIS:SPR22:HCo:M:US:PSP:TT:X:X:X👖X:JEAN:X:JanWk4AABBBs15s" gives

param	qcount	url
filtered=true&rows=240&start=0&facet=ads_f42001_ntk_cs:(%22aaa-Babbab%22) cmp=DIS:SPR22:HCo:M:US:PSP:TT:X:X:X:JEANS:X:JEAN:X:JanWk4AABBBs15s	2	/shop/us/aabc-abc-aaa?filtered=true&rows=240&start=0&facet=ads_f42001_ntk_cs:(%22aaa-Babbab%22)?cmp=DIS:SPR22:HCo:M:US:PSP:TT:X:X:X:JEANS:X:JEAN:X:JanWk4AABBBs15s

ITWhisperer · ‎03-31-2022

| regex url="\?[^\?]+\?"

How to create a regex that gives the count, if the url string has two question mark symbols (not consecutive though)?

regex

rex

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!