index=*
| spath msg.uri
| rename msg.uri as url
| rex field=url "shop(?[a-zA-Z\/\-0-9\.]+)"
| rex field=ex_url "buy-(?[^\/]+)\/(?[^\/]+)"
| eval url_N="/shop/"+"buy-"+family +"/" + product +"/"
| eval N_url = coalesce(url, url_N)
| stats count by N_url
| sort -count
| head 100
I am trying to find count by URL, but I also need to combine count value that looks like `/shop/buy-phone/LG'. /shop/buy-laptop/Mac` as `/shop/buy-phone/ or /shop/buy-laptop/`. Finally, when I count my URL I need to include these group URLs count with the other URL. I tried above, I am missing something.
Thanks for your time.
↧