Solved: How to generate a search that will group a URL fie...

aluruguna · ‎11-08-2016

I would like to group URL fields and perform a total count. An example might be like:
www.nasdaq.com/symbol/?Load=true&Search=ssss
www.nasdaq.com/symbol/?Load=true&Search=ddd
www.nasdaq.com/symbol/?Load=true&Search=xxx
www.nasdaq.com

I'd like to see
www.nasdaq.com 4

I was using My search|stats count by url but I'm getting all the results like this

URL                                                               Count
www.nasdaq.com/symbol/?Load=true&Search=ssss                        1
www.nasdaq.com/symbol/?Load=true&Search=ddd                         1
www.nasdaq.com/symbol/?Load=true&Search=xxx                         1
www.nasdaq.com                                                      1

I'd like to see

URL                                                               Count
www.nasdaq.com                                                      4

gokadroid · ‎11-08-2016

What you would require to do is extract the base url from the url field and count on them like this:

yourQuery to return field url
| rex field=url "^(?<baseUrl>[^\/\s]+)"
| stats count by baseUrl

See the extraction of baseUrl from url here

View solution in original post

gokadroid · ‎11-08-2016

What you would require to do is extract the base url from the url field and count on them like this:

yourQuery to return field url
| rex field=url "^(?<baseUrl>[^\/\s]+)"
| stats count by baseUrl

See the extraction of baseUrl from url here

How to generate a search that will group a URL field and perform total count?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!