Regex pattern for url patterns to show as a single...

vickycoder27 · ‎04-09-2019

We have some below Regex patterns that have special characters, alphabets & digits and wanted them as a showing up as a single url in Dashboard as "/my-list/my-group/fetchGroup":

url=/my-list/my-group/MY_SPL_%26%5E%26%25%5E%26%23%25%24%5E%26%25%26%2A%25%2B%29%21%24%23%24%25%26%5E_new
url=/my-list/my-group/MY_SafeList_automation
url=/my-list/my-group/RfdL4fSjmS
url=/my-list/my-group/Bug%20May%20Be%20User%20Notification

I wrote one for digits as below and wanted for combination of special characters, alphabets & digits
(
url="bug/364756748/types" --->>> eval url=replace(url,"\/bug\/\d+.*\/types","bug/types")
)

grittonc · ‎04-10-2019

Try this regular expression, assuming that the characters between the first two pairs of / are either letters or "-":

...
| rex field=url "(?<url_group>\/[\w-]+\/[\w-]+\/).*" | eval url_group=url_group+"fetchGroup"

richgalloway · ‎04-10-2019

Using rex is the hard way to do that. Try urldecode, instead.

... | eval url=urldecode(url) | ...

---
If this reply helps you, Karma would be appreciated.

vickycoder27 · ‎04-09-2019

Kind or partially worked with below regex(except the special characters like % ! $) :"\/my-list\/my-group\/\w+.*"

Regex pattern for url patterns to show as a single url in Dashboard

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk AppDynamics Agents Webinar Series

SplunkTrust Application Period is Officially OPEN!

Are you a member of the Splunk Community?

Regex pattern for url patterns to show as a single url in Dashboard

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk AppDynamics Agents Webinar Series

SplunkTrust Application Period is Officially OPEN!