I am executing below splunk query.
index=api sourcetype=api-warn environ::api-prod*
| bin _time span=1h
| rex mode=sed field=service_name “s#..*$##” | rex field=requestPath “https://api.com.org.net/(abc)/(def)”
| stats count(service_name) by _time,service_name
In addition, I learn from splunk certification
Getting below error: Error in 'rex' command: The regex 'https://api.com.org.net/(abc)/(def)' does not extract anything. It should specify at least one named group. Format: (?...).
Suppose, one of the url is:
https://api.com.org.net/abc/def/some_number/?key=value&key=value
My regular expression:
https:\/\/(<api\.com\.org\.net\/abc\/def>*)
My regular expression does not match url, Could someone help out.
Not sure what is the issue here. I am using regex to match part of url abc/def in url'. Not sure what is going wrong. Can some one direct me in proper direction?