Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to exclude last 2 parts of the URL in Splunk?

bharath999
Observer
‎07-11-2022 05:35 AM

I have a URL as below

1.aa/bb/cc/dd

2.nbcn/hbd/hvhd/hbxn

 

Need to regular expression to get the below output

1.aa/bb

2.nbcn/hbd

Labels (2)
Labels
Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎07-11-2022 07:03 AM

If you always want to exclude last 2 parts (regardless of how many segment your URL may have), try something like this

(?<shorturl>.+)\/[^\/]+\/[^\/]+$

 

In-line search

your search | rex "(?<shorturl>.+)\/[^\/]+\/[^\/]+$"

 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎07-11-2022 02:53 PM

An alternative is to use mode=sed on the original URL field

| rex mod=sed field=url "s/(\/[^\/]+){2}$/"

 

 

 

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-11-2022 05:50 AM 
| rex field=url "^(?<shorturl>[^\/]+\/[^\/]+)"
0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...