How to extract base_url and guid values into two s...

pdevosceazure · ‎11-28-2016

Hi

I have log files which collect url as:

cs_uri_stem="/dsa/api/playercommands/a6ada68b-7a72-4f38-b752-d99f7efd4cb8"

with a6ada68b-7a72-4f38-b752-d99f7efd4cb8 ( guid) different for all events.

I want to list all different base urls: like: /dsa/api/playercommands/

I cannot use the / because there can be more or less than 4.

I have a regex pattern to detect the guid, but that is just detecting it, I need to remove the guid.

I would also like to do the opposite which is only keep the guid so I can group per device.

So ideally, cs_uri_stem would become 2 fields: base_url and guid.

gokadroid · ‎11-28-2016

How about this

your query to return fields
| rex field=cs_uri_stem "\"(?<base_url>\/([^\/]+\/)+)(?<guid>[^\"]+)\""
| table base_url, guid

How to extract base_url and guid values into two separate fields from our current sample URL field?