ThomasLeroy
Explorer
08-27-2014
01:43 AM
Hello,
I would like to extract Bing and Yahoo search from my ProxySG logs.
I have this for Yahoo search: search yahoo 443 /search ?p=splunk&ei=UTF-8&fr=moz35
I use this regex to get the search: p=(?
And I have this for Bing: www bing com/ search?q=splunk&qs=n&form=QBRE
Splunk always puts the two in the same fields.
Is there a way to make a difference between Yahoo and Bing search?
Thank you
1 Solution

MuS
Legend
08-27-2014
03:49 AM
Hi ThomasLeroy,
based on your provided data, try this:
your base search here
| rex "yahoo.+\?p\=(?<YahooSearch>[^&]+)|bing.+\?q\=(?<BingSearch>[^&]+)"
| table YahooSearch BingSearch
hope this helps to get you started ...
cheers, MuS
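
The extraction from the answer above, reproduced offline in Python as an added example (not part of the thread or of either poster's code). It keeps the same alternation, labels each hit by engine, and URL-decodes the term; the sample lines are constructed from the two fragments in the question, and `extract_search` and `summarize` are hypothetical helper names.

```python
import re
from urllib.parse import unquote_plus

# Same alternation as the rex in the answer, in Python's named-group syntax.
SEARCH_RE = re.compile(
    r"yahoo.+\?p=(?P<YahooSearch>[^&]+)|bing.+\?q=(?P<BingSearch>[^&]+)"
)

# Constructed sample lines modelled on the two fragments in the question;
# real ProxySG access logs carry more fields than this.
SAMPLE_LINES = [
    "search yahoo 443 /search ?p=splunk&ei=UTF-8&fr=moz35",
    "www bing com/ search?q=splunk&qs=n&form=QBRE",
    "www bing com/ search?q=proxy+sg%20logs&qs=n&form=QBRE",
    "www example com/ index.html",
]


def extract_search(line):
    """Return (engine, decoded_term), or None when the line is not a search."""
    m = SEARCH_RE.search(line)
    if m is None:
        return None
    for engine, group in (("yahoo", "YahooSearch"), ("bing", "BingSearch")):
        raw = m.group(group)
        if raw is not None:
            # Query strings encode spaces as '+' or %20; decode for reporting.
            return engine, unquote_plus(raw)
    return None


def summarize(lines):
    """Group decoded search terms by engine, skipping non-search lines."""
    out = {"yahoo": [], "bing": []}
    for line in lines:
        hit = extract_search(line)
        if hit:
            out[hit[0]].append(hit[1])
    return out


if __name__ == "__main__":
    for engine, terms in summarize(SAMPLE_LINES).items():
        print(engine, terms)
```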

MuS
Legend
08-27-2014
04:24 AM
you're welcome
ThomasLeroy
Explorer
08-27-2014
04:13 AM
Works as expected.
Thanks!
