Hi, i am using the below search query to get uri commands from the access logs. But result includes page resources as well (js, imgs, css etc). I want to exclude these. How can i do that?
Basically i want to exclude any uri which ends with (.js, .css, .img, etc). How can i add that condition to the below query?
sourcetype=access_combined_wcookie host=qalws* LR_VPT_HYBRIS | rex field=uri "/(?P
Example to exclude js and css files
index=_* sourcetype="splunk_web_access" NOT ( uri=*.js OR uri=*.css) | table uri
So you should be good to just modify your main search as follows :
sourcetype=access_combined_wcookie host=qalws LR_VPT_HYBRIS NOT (uri=*.js OR uri=*.css OR uri=*.img)
No problem - feel free to accept the answer if it worked for you
Awesome. Thank you both. it is working fine. I was doing uri!= and it did not give me proper results. Thanks for your help.
Example to exclude js and css files
index=_* sourcetype="splunk_web_access" NOT ( uri=*.js OR uri=*.css) | table uri
So you should be good to just modify your main search as follows :
sourcetype=access_combined_wcookie host=qalws LR_VPT_HYBRIS NOT (uri=*.js OR uri=*.css OR uri=*.img)