Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the regular expression that will get the servlet name in a URL?

rbathla
New Member
‎12-07-2016 08:31 PM

Taking an example below, I am looking to be make a regular expression that will give me name of servlet form below (after last slash and first question mark).

URL:
/shop/mystore/ProductDisplay?urlRequestType=Base

Result:
ProductDisplay

Tags (1)
0 Karma
Reply

gokadroid
Motivator
‎12-07-2016 09:41 PM

try this if say your url is in field myField

your query to return the events
| rex field=myField "\/([^\/]+\/)*(?<servlet>[^\?]+)\?.*"
| table servlet

See regex at work here

If the field is not already extracted then try it generally with or without string field=_raw in below query:

your query to return the events
| rex field=_raw  "\/([^\/]+\/)*(?<servlet>[^\?]+)\?.*"
| table servlet
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...