About kronite13

kronite13 · ‎07-16-2021

@richgalloway : I think using match() and exact regex will do the trick, I am testing it. Will let you know if it handles all the cases, I will mark this as the accepted answer. Thanks!

kronite13 · ‎07-16-2021

Hi @richgalloway , Thanks for the reply, I tried using it like this, but it gives a warning that having a wildcard in the middle might be an issue in matching if there are special characters in place of it. Do you think there is a way to prevent any misses due to this and be sure that it will be working correctly 100%?

kronite13 · ‎07-15-2021

Hi @efika , Thanks for your response! Could you give an example for what you are saying? What I am getting is, I need to add a new eval column with all the 3000 API endpoint patterns comma separated (Ex: /data/user/details/{id}, /data/places/{place_name}/street etc), and then check if the API endpoint in the event, matches with any of the API endpoint patterns which I have added in the eval column? Is that what you mean?

kronite13 · ‎07-15-2021

I need to do an analysis on API calls using logs, like avg, min, max, percentile99, percentil95, percentile99 response time, and also hits per second. So, if I have events like below : /data/users/1443 | 0.5 sec /data/users/2232 | 0.2 sec /data/users/39 | 0.2 sec Expectation: I want them to be grouped like below, as per their API pattern : proxy max_response_time /data/users/{id} | 0.5 sec These path variables (like {id}) can be numerical or can be a string with special characters I have about 3000 such API patterns which have path variables in them, they can be categorized into 3 types, those that have a path variable only at the end, those that have 1 or more path variables only in the middle, and those that have 1 or more path variables in the middle as well as in the end. Note: there are no arguments after the API i.e. like /data/view/{name}/pagecount?age=x. There will be just the URI part proxy method request_time /data/users/{id} POST 0.046 /server/healthcheck/check/up GET 0.001 /data/commons/people/multi_upsert POST 0.141 /store/org/manufacturing/multi_read POST 0.363 /data/users/{id}/homepage/{name} POST 0.084 /data/view/{name}/pagecount PUT 0.043 Category 1 (path variable only at the end) : /data/users/{id} POST 0.046 Category 2 (1 or more path variables only in the middle) : /data/view/{name}/pagecount PUT 0.043 /data/view/{name}/details/{type}/pagecount PUT 0.043 Category 3 (1 or more path variables only in the middle and also at the end) : /data/users/{id}/homepage/{name} POST 0.084 /data/users/{id}/homepage/{type}/details/{name} POST 0.084 Current Query : index="*myindex*" host="*abc*" host!=*ftp* sourcetype!=infra* sourcetype!=linux* sourcetype = "nginx:plus:access" | bucket span=1s _time| stats count by env,tenant,uri_path,request_method,_time I need the uri_path to be grouped as per the API patterns I have. 1 option is to add 3000 regex replace statements, like the one blow, in the query for each API pattern, but that makes query too heavy to parse, I tried something like this, for a sample pattern /api/data/users/{id} : |rex mode=sed field=uri_path "s/\/api\/data\/users\/([^\/]+)$/\/api\/data\/users\/{id}/g"

Posts	4
Solutions	0
Karma Given	0
Karma Received	1
Member Since	‎07-15-2021

Online Status	Offline
Date Last Visited	‎07-16-2021 04:23 AM

Grouping URLs by their path variable pattern

Re: Grouping URLs by their path variable pattern

Re: Grouping URLs by their path variable pattern

Re: Grouping URLs by their path variable pattern

Grouping URLs by their path variable pattern

Join the Conversation

Grouping URLs by their path variable pattern

Re: Grouping URLs by their path variable pattern

Re: Grouping URLs by their path variable pattern

Re: Grouping URLs by their path variable pattern

Grouping URLs by their path variable pattern