Regex pattern for url patterns to show as a single...

vickycoder27 · ‎04-09-2019

We have some below Regex patterns that have special characters, alphabets & digits and wanted them as a showing up as a single url in Dashboard as "/my-list/my-group/fetchGroup":

url=/my-list/my-group/MY_SPL_%26%5E%26%25%5E%26%23%25%24%5E%26%25%26%2A%25%2B%29%21%24%23%24%25%26%5E_new
url=/my-list/my-group/MY_SafeList_automation
url=/my-list/my-group/RfdL4fSjmS
url=/my-list/my-group/Bug%20May%20Be%20User%20Notification

I wrote one for digits as below and wanted for combination of special characters, alphabets & digits
(
url="bug/364756748/types" --->>> eval url=replace(url,"\/bug\/\d+.*\/types","bug/types")
)

grittonc · ‎04-10-2019

Try this regular expression, assuming that the characters between the first two pairs of / are either letters or "-":

...
| rex field=url "(?<url_group>\/[\w-]+\/[\w-]+\/).*" | eval url_group=url_group+"fetchGroup"

richgalloway · ‎04-10-2019

Using rex is the hard way to do that. Try urldecode, instead.

... | eval url=urldecode(url) | ...

---
If this reply helps you, Karma would be appreciated.

vickycoder27 · ‎04-09-2019

Kind or partially worked with below regex(except the special characters like % ! $) :"\/my-list\/my-group\/\w+.*"

Regex pattern for url patterns to show as a single url in Dashboard

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Regex pattern for url patterns to show as a single url in Dashboard

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem