I have a field "BackendURL" which contains different url's.
for eg :
http://abc.com/emp?name=jim&no=101
http://abc.com/emp?name=tim&no=102
http://gef.com/vehicle
I am trying to generate a report by grouping the url's. Now when i group i want to uniquely identify the backend url , but ignore the queury params (anything after ?). I wrote this rex command to create a new field to substring the value before ? , but it does not work when the url does not contain "?" .
index="idx" Consumer|rex field=BackendURL "^(?.+?)\?"|stats count by BackendURL,url_noparams, host
Thanks and regards
Arun
↧