Hi, we would like to get unique query string patterns so that we can cache them at Akamai. i have written a query
rex field=uri "\?(?
Below is the output. You can see 1,2,4,5 etc are same pattern. So how do i get just the unique patterns.
i define pattern as having different parameters (not worried about neither the order of the parameters as long as they are same parameters nor the values of them). So that is why i said 1,2,4,5 are one pattern (same parameters but different values. Even if same values also i am fine). number 3 is another pattern, number 6 and 7 are different patterns. 8 and 10 are same pattern, 11 and 12 are same pattern etc.
Hmm yes..I guess..maybe
your base search | dedup uri | rex field=uri mode=sed "s/=[^&]+/=XXX/g" | dedup uri | eval uri = substr(uri,2) | table uri
Haven't tested it, but it should replace all parameter values in the URL with 'XXX'. Yes there are 2
dedups. The first one is for reducing the number of uri's to be processed by
rex. You might skip it if the
uri's are almost always different.
This search does not take the order of the parameters into account, so
would be considered different.
Should hopefully work...
This was some time ago, so I don't really remember 🙂
The effect is to remove the first character of the uri. If not needed - skip that step.
Thank you. So it will just remove the first character only?
so if i have uri as testuri?query=something, it will be esturi?query=something
Even better, use the 'cluster' command!
rex field=uri "?(?
With cluster you will get 2 fields, cluster_label (which is just the grouping number) and cluster_count (you many need to specify showcount=true, but this gives you the number of events in that grouping.