I have a URL as below
1.aa/bb/cc/dd
2.nbcn/hbd/hvhd/hbxn
Need to regular expression to get the below output
1.aa/bb
2.nbcn/hbd
If you always want to exclude last 2 parts (regardless of how many segment your URL may have), try something like this
(?<shorturl>.+)\/[^\/]+\/[^\/]+$
In-line search
your search | rex "(?<shorturl>.+)\/[^\/]+\/[^\/]+$"
An alternative is to use mode=sed on the original URL field
| rex mod=sed field=url "s/(\/[^\/]+){2}$/"
| rex field=url "^(?<shorturl>[^\/]+\/[^\/]+)"
