Hi @efavreau, below are samples of events.
Sample 1:
2019-11-22 13:33:00,394 http-nio-8101-exec-11 INFO RequestFilter [trace=0909642b66224b25, span=d9b011f5c79bd083, userID=, clientID=ele-app-identity-usr, appName=IRIS,ele-app-identity, deviceId=a4393ebf3b17713ef24a2b77acaf5696] - starting /v1/*/search/account, gitId 0e8af6a, clientId ele-app-identity-usr, userId null, appName IRIS,ele-app-identity, deviceIda4393ebf3b17713ef24a2b77acaf5696
Sample 2:
2019-11-22 13:33:00,999 http-nio-8101-exec-16 INFO PathParmRedirectingFilter [trace=, span=, userID=TCHANDLER, clientID=iris-client, appName=ARKE,ele-app-cc, deviceId=9f4d6f097b554a75ab7bce5b09ac04c5] - Base64 Request Forwarded to /v1/{}/billToAccount/division/DC/customer/{}/billTo?billTo=%2540B09247
Sample 3:
2019-11-22 13:33:00,963 http-nio-8101-exec-9 INFO RequestFilter [trace=02a5d3c96b20fb9c, span=db22b4a3ff5b0520, userID=, clientID=gnp-usr, appName=, deviceId=] - starting /v1/{}/billToAccount/division/ATL/customer/{}/billTo, gitId 0e8af6a, clientId gnp-usr, userId null, appName null, deviceIdnull
And yes, I had to write a regular expression to extract Endpoint as field1.
I have used the below query to get the Total Count of Endpoints used by different Consumers:
index=** "/v1/{}/billToAccount/division//customer//billTo" sourcetype=xx | rex "^[^\]\n]*\]\s+-\s+\w+\s+(?P<URL>[^,]+)" | stats count(URL) as TotalCount , first(trace) as TraceID by clientID | rename clientID as Consumer | dedup TraceID | table Consumer, TotalCount | sort -TotalCount | addcoltotals
I got the following results:
ClientId1 100 Records
ClientID2 20 Records
Now, I am looking to group all the different endpoints by a single ClientID (Consumer):
URL TotalCount
/v1//billToAccount/division/ATL/customer//billTo 100
/v1/*/search/account 2000
Note - Where I have a wildcard (*), we have different values.
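The grouping asked about above, as an added example that is not part of the original post: Python that parses the three sample events and counts them per (Consumer, endpoint) pair, the same shape as a `stats count by clientID, URL` in SPL. The function names `parse_event` and `count_by_consumer`, and the choice to drop the query string from the endpoint, are assumptions of this example.

```python
import re
from collections import Counter

# The three sample events from the post, copied verbatim.
SAMPLE_EVENTS = [
    "2019-11-22 13:33:00,394 http-nio-8101-exec-11 INFO RequestFilter [trace=0909642b66224b25, span=d9b011f5c79bd083, userID=, clientID=ele-app-identity-usr, appName=IRIS,ele-app-identity, deviceId=a4393ebf3b17713ef24a2b77acaf5696] - starting /v1/*/search/account, gitId 0e8af6a, clientId ele-app-identity-usr, userId null, appName IRIS,ele-app-identity, deviceIda4393ebf3b17713ef24a2b77acaf5696",
    "2019-11-22 13:33:00,999 http-nio-8101-exec-16 INFO PathParmRedirectingFilter [trace=, span=, userID=TCHANDLER, clientID=iris-client, appName=ARKE,ele-app-cc, deviceId=9f4d6f097b554a75ab7bce5b09ac04c5] - Base64 Request Forwarded to /v1/{}/billToAccount/division/DC/customer/{}/billTo?billTo=%2540B09247",
    "2019-11-22 13:33:00,963 http-nio-8101-exec-9 INFO RequestFilter [trace=02a5d3c96b20fb9c, span=db22b4a3ff5b0520, userID=, clientID=gnp-usr, appName=, deviceId=] - starting /v1/{}/billToAccount/division/ATL/customer/{}/billTo, gitId 0e8af6a, clientId gnp-usr, userId null, appName null, deviceIdnull",
]

# Bracketed header. appName can itself contain a comma ("IRIS,ele-app-identity"),
# so it is matched lazily up to the literal ", deviceId=". Empty values are allowed.
HEADER = re.compile(
    r"\[trace=[^,]*, span=[^,]*, userID=[^,]*, clientID=(?P<clientID>[^,]*), "
    r"appName=.*?, deviceId=[^\]]*\]\s+-\s+(?P<message>.*)$"
)
# First path-like token in the message, whatever words precede it ("starting",
# "Base64 Request Forwarded to"). Assumption: the query string is not part of the endpoint.
ENDPOINT = re.compile(r"(?:^|\s)(/[^\s,?]+)")


def parse_event(line):
    """Return (clientID, endpoint) for one event, or None if it does not match."""
    header = HEADER.search(line)
    if header is None:
        return None
    endpoint = ENDPOINT.search(header.group("message"))
    if endpoint is None:
        return None
    return header.group("clientID"), endpoint.group(1)


def count_by_consumer(lines):
    """Count events per (consumer, endpoint) pair, skipping unparseable lines."""
    counts = Counter()
    for line in lines:
        parsed = parse_event(line)
        if parsed is not None:
            counts[parsed] += 1
    return counts


if __name__ == "__main__":
    for (consumer, endpoint), total in count_by_consumer(SAMPLE_EVENTS).most_common():
        print(f"{consumer}\t{endpoint}\t{total}")
```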