Solved: How to replace digits in regex?

Dharani · ‎09-07-2022

Hi,

Below is the example for raw log:

20220906T23:43:58+03:00#0115dummyvalue.com#01110.111.169.11:51868#01110.45.38.135:8111#0110.527#011-#011-#011200#011200#0117180#011603#011GET /wapi/v3/gat/cust HTTP/1.1#0115ocilpapgap11.op.okobank.com

20220906T23:43:58+03:00#0115dummyvalue.com#01110.111.169.11:51868#01110.45.38.135:8111#0110.527#011-#011-#011200#011200#0117180#011603#011GET /wapi/v3/gat/cust/apis/info/015-000234567 HTTP/1.1#0115dummyvalue.com

20220906T23:43:58+03:00#0115dummyvalue.com#01110.111.169.11:51868#01110.45.38.135:8111#0110.527#011-#011-#011200#011200#0117180#011603#011GET /wapi/v3/gat/015-0000004847/cust/api HTTP/1.1#0115dummy value.com

From the above raw logs I need to extract the below fields:

/wapi/v3/gat/cust

/wapi/v3/gat/cust/apis/info/015-000234567

wapi/v3/gat/015-0000004847/cust/api

and it should be extracted and displayed in table/statistics like below format:

/wmpapi/v3/gat/cust

/wapi/v3/gat/cust/apis/info/{Id}

wapi/v3/gat/{Id}/cust/api

Basically in the fields , it should only take alphapets (including that v3) and we should replace digits to {Id} whereever it exist .

Can someone help me on this.

Thanks!

ITWhisperer · ‎09-08-2022

| rex \S+\s(?<URL>\S+)\s
| rex field=URL mode=sed "s/\/[\d\-]+/\/{Id}/g"

View solution in original post

ITWhisperer · ‎09-08-2022

| rex \S+\s(?<URL>\S+)\s
| rex field=URL mode=sed "s/\/[\d\-]+/\/{Id}/g"

Dharani · ‎09-08-2022

Thank you this worked

How to replace digits in regex?

field extraction

fields

stats

timechart

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor