What would be the fastest way to grab the URLs out of logs in Splunk? I am thinking a regex expression would work, but how would I format that? Some of the logs are Sourcefire, some are not. Any ideas?
Something like this:
rex field=_raw "(?<url>https?:\/\/[\da-z.-]+\.[a-z.]{2,6}[\/\w .-]*)"
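As an added example (not part of the thread), the answer's pattern is run here in Python over constructed log lines, next to a tighter variant that is an assumption of this example. It shows the answer's pattern dropping ports and query strings and running past the URL when words follow a space; `STRICT_RE`, `extract` and `compare` are names introduced here.

```python
import re

# Pattern from the answer above, in Python syntax: the capture group is named
# "url" and written (?P<url>...), and the dot before the TLD is escaped.
ANSWER_RE = re.compile(r"(?P<url>https?:\/\/[\da-z.-]+\.[a-z.]{2,6}[\/\w .-]*)")

# Assumed tighter variant (not from the thread): optional port, path/query up
# to the next whitespace, quote or angle bracket, case-insensitive.
STRICT_RE = re.compile(
    r"(?P<url>https?://[\da-z.-]+\.[a-z]{2,}(?::\d{1,5})?(?:[/?#][^\s\"'<>]*)?)",
    re.IGNORECASE,
)

# Constructed sample events; not real Sourcefire or proxy output.
SAMPLE_EVENTS = [
    "Oct 12 10:01:22 fw01 alert: GET http://example.com/a/b.php?id=7&x=1 from 10.0.0.5",
    'proxy: url="https://files.example.org:8443/dl/tool.exe" action=blocked',
    "user visited http://example.net/index.html then logged out",
    "sshd[411]: session closed for user root",
]


def extract(pattern, event):
    """Return every URL the pattern finds in one event."""
    return [m.group("url") for m in pattern.finditer(event)]


def compare(events):
    """For each event, return (answer-pattern matches, strict-pattern matches)."""
    return [(extract(ANSWER_RE, e), extract(STRICT_RE, e)) for e in events]


if __name__ == "__main__":
    for event, (loose, strict) in zip(SAMPLE_EVENTS, compare(SAMPLE_EVENTS)):
        print(event)
        print("  answer pattern:", loose)
        print("  strict pattern:", strict)
```

In Splunk, `rex` keeps only the first match per event unless `max_match` is raised, which `finditer` here does not model.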