I have a URI field that contains call to different APIs like:
http://mydomain.com/A/v1/*
http://mydomina.com/B/v1/*
http://mydomina.com/C/v1/*
How can i use Splunk, maybe eval, to store calls to an API in a variable, B in another variable and so on?
Hi All,
I wanted to plot a time chart of the count of requests hitting different APIs. This worked for me.
source="*" earliest=-1@d |
eval aRequests=mvfilter(match(request_uri,"http://mydomain.com/A/v1/*")) |
eval bRequests=mvfilter(match(request_uri,"http://mydomain.com/B/v1/*")) |
eval cRequests=mvfilter(match(request_uri,"http://mydomain.com/C/v1/*"")) |
timechart count(aRequests) count(bRequests) count(cRequests)
@gibbs what does the event data look like. Can you add a mock? Also like somesoni2 asked... what is your use case once you get API calls as url extracted in a field?
Hi All,
I wanted to plot a time chart of the count of requests hitting different APIs. This worked for me.
source="" earliest=-1@d |
eval aRequests=mvfilter(match(request_uri,"http://mydomain.com/A/v1/")) |
eval bRequests=mvfilter(match(request_uri,"http://mydomain.com/B/v1/*")) |
eval cRequests=mvfilter(match(request_uri,"http://mydomain.com/C/v1/*"")) |
timechart count(aRequests) count(bRequests) count(cRequests)
@gibbs.. You should convert your comment as answer and accept the same.
What do you mean when you say "to store calls"?
Storing the fact that you made a call, or storing the language for the call itself, or something else?
Do you want to create a new field which contain the value A, B, C etc from the URI??
Hey,
I used to mvfilter along with match to get this.
I wanted separate fields for A,B, C..... Is there any other way to do this?
There may be, depending upon the what the final output that you to achieve. If you just want to add a separate field with those values without any reporting command that your eval is the way to go. If you're creating some other report, there might be other ways. If you could share your search/requirement/mock output, we can have a look.