About guptapesh

guptapesh · ‎10-17-2021

This is the proper formatted log : { "timestamp": "2021-10-17T15:03:56,763Z", "level": "INFO", "thread": "reactor-http-epolpl-20", "message": "method=GET, uri=/api/v1/hello1, status=200, duration=1", "logger": "reactor.netty.http.server.AccessLog" } Problem I am facing is like, I am having some GET requests in which values are coming in path variables like below : 1. /api/v1/dummy/D000/2021-10-14T11:00:00+00:00/2021-10-15T06:00:01+00:00 2. /api/v1/dummy/D023/2021-10-14T21:00:00+00:00/2021-10-19T06:00:25+00:00 Now for this particular url (/api/v1/dummy/{id}/{date1}/{date2}), it logs all the request with the above query, I want a generic regex to collect all the request. The above query works perfectly for the POST url, in which there are no incoming parameters like (/api/v1/add/user)

guptapesh · ‎10-17-2021

This is the sample accessLog which is coming up in the Splunk ui. {"timestamp":"2021-10-17T15:03:56,763Z","level":"INFO","thread":"reactor-http-epolpl-20","message":"method=GET, uri=/api/v1/hello1, status=200, duration=1, "logger":"reactor.netty.http.server.AccessLog"} {"timestamp":"2021-10-17T15:03:56,763Z","level":"INFO","thread":"reactor-http-epolpl-20","message":"method=GET, uri=/api/v1/dummy1, status=200, duration=1, "logger":"reactor.netty.http.server.AccessLog"} I want to extract the url and make a count for all the API's like how many times an API is hitted from the uri part(uri=/api/v1/dummy1). I tried the below query, but it's not giving the desired result. index=dummy OR index=dummy1 source=*dummy-service* logger=reactor.netty.http.server.AccessLog | rex field=message "(?<url>uri.[\/api\/v1\/hello]+)" | chart count by url Can someone help in this ?

Posts	2
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎10-17-2021

Online Status	Offline
Date Last Visited	‎10-18-2021 04:14 AM

Extract Url from access log and count the no of ti...

Re: Extract Url from access log and count the no o...

Extract Url from access log and count the no of ti...