I have large variable URLs being logged that may include a unique substring somewhere within that is significant. How do I compare that URL against a lookup table of significant substrings?
For example some URL fields:
Match against two significant lookups, (keyword, Database):
Any thoughts?
how about this? ※Please change maxsearches as there are search counts that can be executed.
|inputlookup lookupfile |map search="search index=XXX $keyword$ |eval keyword=$keyword$,Database=$Database$"
