Solved: Re: Unable to extract complete URL from the below ...

mani9059 · ‎04-19-2021

Hi Team,

I am trying to extract complete URL from the below splunk search i tried many ways can you please help me on this.

Splunk log:

[2021-04-13 04:36:49.556 GMT] ERROR PipelineCallServlet|116901075255|Search-RemoteShow|PipelineCall|y6j3wsyHh1 custom [] component=Search,routine=Show,errorMessage="Out of stock products",URL=https://www.xyz.com/on/demandware.servlet/Sites-Bull-Site/default/Search-RemoteShow?queryDW=true&cgi...

But I am unable to get complete URL as a result , i am getting half of the URL. Can you please help me on this.

gcusello · ‎04-19-2021

Hi @mani9059,

to help you, I need the complete log to understand which char there is after the URL, so after the URL there's a space, you can try:

| rex "URL\=(?<url>[^ ]+)"

Ciao.

Giuseppe

View solution in original post

richgalloway · ‎04-19-2021

What have you tried so far and what were the results of each attempt? When you say "I am getting half of the URL", which part are you getting? I'm guessing it stops at an =. Please share the props.conf settings for this sourcetype.

---
If this reply helps you, Karma would be appreciated.

gcusello · ‎04-19-2021

Hi @mani9059,

to help you, I need the complete log to understand which char there is after the URL, so after the URL there's a space, you can try:

| rex "URL\=(?<url>[^ ]+)"

Ciao.

Giuseppe

gcusello · ‎06-07-2021

Hi @mani9059,

good for you, see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by al the contributors 😉

Unable to extract complete URL from the below splunk log

regex

rex

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms