like nr.5 said: need more input
please provide more detailed information about what you want to achieve and provide some example log data - thanks
2013 Jun 22 09:33:40 tracker1 httpproxyaccess: 10.10.34.17 3398 TCPMISS/200 0 NONHTTP binary://18.104.22.168:80 - DIRECT/22.214.171.124 - [acl=nonhttp] [cat=-] [err=-]
i have log like this. i want to extract url field. thank you
I think the regular expression you are looking for is:
EDIT: Probably get away with using the following, however I have a habit of escaping the characters:
You can test this using the
rex command, like:
<yourBaseSearch> | rex field=_raw "(?P<url>\w+\:\/\/[^\s]+)" | table _time url _raw
(Don't really need the table part, just makes it easier to match it up).
Once you have your regular expression correct, you can just paste that into the IFX (Interactive Field eXtractor).
Additionally, for testing regular expressions, the following site is very helpful:
Hope this helps.