
Splunk query to skip alphanumeric string

Deprasad
Path Finder

I have the 3 different types of API logs below, where I have to treat all 3 as the same and get the count of the API.

There are multiple versions of the same API, with or without a user GUID, which is a unique value.

Looking for a regex which reads the API until the alphanumeric string starts. In short, if I do stats count by API it should give the count as 3.

 


ITWhisperer
SplunkTrust

https://regex101.com/r/vFdbh7/1

| rex "\"address\":\"(?<api>[\w\/:]+?)(?=([a-z0-9]+\-[a-z0-9-]+)|$)"

Deprasad
Path Finder

Thanks a lot! This regex works for the given example. 

I've another pattern like this "address":"http://test-query-service.xxx-xxx.xxx.xxx.com/services/user/v1/deleteUser/342ad-123m4-r43rm-144dgdg" for which I'm trying to implement the regex you've given by modifying slightly but couldn't achieve the same result.

Can you please help here? Also, can you please break down the regex for my better understanding?

ITWhisperer
SplunkTrust

How much of this is real? For example, do you really have hyphens in the host name of the address? Are they the only place where hyphens occur apart from the end part?

Are there any other representative examples you wish to be considered?


Deprasad
Path Finder

Yes, I have hyphens and a full stop in the hostname that need to be considered.

So far I have identified those 4 patterns and that should be it.

gcusello
SplunkTrust

Hi @Deprasad,

please try this regex:

| rex "\"address\":\"(?<uri>https*:\/\/[^\/]+\/[^\/]+\/[^\/]+)"

that you can test at https://regex101.com/r/Umz02I/1

If you already extracted the full APP value (and it's called "api_url"), you can use a different regex:

| rex field=api_url "(?<uri>https*:\/\/[^\/]+\/[^\/]+\/[^\/]+)"

Ciao.

Giuseppe
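
Added example, not code from any poster in this thread: it runs the two rex patterns posted above, unchanged, in JavaScript (which accepts the same `(?<name>...)` group syntax) over constructed events, next to a hypothetical normalizer that strips one trailing hyphenated ID segment. Only the deleteUser address comes from the thread; the other events, the getUser operation, the second and third IDs and all helper names are assumptions.

```javascript
// The two patterns from the thread, unchanged.
const lookaheadRex = /"address":"(?<api>[\w\/:]+?)(?=([a-z0-9]+\-[a-z0-9-]+)|$)/;
const depthRex = /"address":"(?<uri>https*:\/\/[^\/]+\/[^\/]+\/[^\/]+)/;

// Hypothetical alternative (not from the thread): take the whole address, then
// drop one trailing path segment that looks like a hyphen-separated ID.
// Assumptions: an ID contains at least one digit, and the segment directly
// after "//" is the host and is never stripped (that is the lookbehind).
const addressRex = /"address":"(?<address>[^"]+)"/;
const trailingId = /(?<!\/)\/(?=[^\/]*\d)[a-z0-9]+(?:-[a-z0-9]+)+\/?$/i;

function extract(rex, group, event) {
  const m = rex.exec(event);
  return m ? m.groups[group] : null;
}

function normalize(event) {
  const address = extract(addressRex, "address", event);
  return address === null ? null : address.replace(trailingId, "");
}

function countBy(events, keyFn) {
  const counts = {};
  for (const e of events) {
    const key = String(keyFn(e));
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Constructed sample events: one API with and without an ID, plus a second API.
const HOST = "http://test-query-service.xxx-xxx.xxx.xxx.com";
const events = [
  `{"address":"${HOST}/services/user/v1/deleteUser/342ad-123m4-r43rm-144dgdg"}`,
  `{"address":"${HOST}/services/user/v1/deleteUser/9f8e7-aa11b-00c2d-5e6f7ab"}`,
  `{"address":"${HOST}/services/user/v1/deleteUser"}`,
  `{"address":"${HOST}/services/user/v1/getUser/77abc-de012-f3456-789abcd"}`,
];

// Lookahead pattern: satisfied by the hyphenated host name, so every key is "http://".
console.log(countBy(events, (e) => extract(lookaheadRex, "api", e)));
// Fixed-depth pattern: keeps host plus two path segments, so both APIs share one key.
console.log(countBy(events, (e) => extract(depthRex, "uri", e)));
// Trailing-ID normalizer: deleteUser counts 3, getUser counts 1.
console.log(countBy(events, normalize));
```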
