I just started using Splunk in my current project. Went through the documentation and found Splunk supports PCRE Regex.
I am searching for peak hour API calls and segregating data. Since I am a newbie, I have a couple of queries while searching the logs.
/Contact/v1/15965755/Order
To search for the above call in Splunk I used the below pattern. It worked fine in https://regex101.com/.
\/Contact\/v1\/\d{1,}\/Order
But it's not working in Splunk. I just modified it like below, and then it's working as expected.
/Contact/v1/*/Order
And one more doubt about regex. The above search returns some other calls, given below:
/Contact/v1/15965755/Order/VAT
/Contact/v1/15965755/Order/Status
To avoid unwanted calls, I used $ at the end as per the documentation, but that is also not working.
Please, somebody throw some light on this.
Thank you..
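
An added example, not part of the original post: it runs the post's three patterns in Python's `re` (not in Splunk) over constructed log lines, to show why a wildcard over-matches and why `$` finds nothing when the URI sits mid-event. The log format, the lookahead pattern and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample events (not from the original post); the URI sits
# in the middle of each line, as in a typical access log.
EVENTS = [
    "2024-05-01T09:15:02Z GET /Contact/v1/15965755/Order HTTP/1.1 200",
    "2024-05-01T09:47:10Z GET /Contact/v1/15965755/Order/VAT HTTP/1.1 200",
    "2024-05-01T09:58:41Z GET /Contact/v1/15965755/Order/Status HTTP/1.1 200",
    "2024-05-01T10:03:27Z GET /Contact/v1/42/Order?expand=items HTTP/1.1 200",
    "2024-05-01T10:20:00Z GET /Contact/v1/abc/Order HTTP/1.1 404",
]

# The wildcard form from the post, approximated as a regex: '*' accepts
# any run of characters and nothing constrains what follows /Order.
WILDCARD = re.compile(r"/Contact/v1/.*/Order")

# The post's regex with '$' appended: '$' is the end of the whole event,
# not the end of the URI, so it fails when text follows the path.
END_ANCHORED = re.compile(r"/Contact/v1/\d+/Order$")

# Assumed alternative: require that /Order is followed by whitespace,
# a query string, or the end of the event, without consuming it.
BOUNDED = re.compile(r"/Contact/v1/\d+/Order(?=[\s?]|$)")


def matching(pattern, events=EVENTS):
    """Return the events in which the pattern is found anywhere."""
    return [e for e in events if pattern.search(e)]


def calls_per_hour(pattern, events=EVENTS):
    """Count matching events per hour bucket (first 13 chars of the timestamp)."""
    return Counter(e[:13] for e in matching(pattern, events))


if __name__ == "__main__":
    for name, pat in [("wildcard", WILDCARD),
                      ("end-anchored", END_ANCHORED),
                      ("bounded", BOUNDED)]:
        print(f"{name:13s} {len(matching(pat))} matches")
    print(dict(calls_per_hour(BOUNDED)))
```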