Splunk Search

Regex pattern for url patterns to show as a single url in Dashboard

Explorer

We have some below Regex patterns that have special characters, alphabets & digits and wanted them as a showing up as a single url in Dashboard as "/my-list/my-group/fetchGroup":

url=/my-list/my-group/MY_SPL_%26%5E%26%25%5E%26%23%25%24%5E%26%25%26%2A%25%2B%29%21%24%23%24%25%26%5E_new
url=/my-list/my-group/MY_SafeList_automation
url=/my-list/my-group/RfdL4fSjmS
url=/my-list/my-group/Bug%20May%20Be%20User%20Notification

I wrote one for digits as below and wanted for combination of special characters, alphabets & digits
(
url="bug/364756748/types" --->>> eval url=replace(url,"\/bug\/\d+.*\/types","bug/types")
)

0 Karma

Contributor

Try this regular expression, assuming that the characters between the first two pairs of / are either letters or "-":

...
| rex field=url "(?<url_group>\/[\w-]+\/[\w-]+\/).*" | eval url_group=url_group+"fetchGroup"
0 Karma

SplunkTrust
SplunkTrust

Using rex is the hard way to do that. Try urldecode, instead.

... | eval url=urldecode(url) | ...
---
If this reply helps you, an upvote would be appreciated.
0 Karma

Explorer

Kind or partially worked with below regex(except the special characters like % ! $) :"\/my-list\/my-group\/\w+.*"

0 Karma