Hello folks,
I am new to Splunk and need to get a report in CSV file or table.
I like to see only URL and values of parameters in A, B, C, or D column.
There is a chance to have combination of these parameters in URL.
i.e: http//www.XX.com/YY/form/ZZ/test1.html?A=*&B=&C=*&D=
i.e: http//www.XX.com/YY/form/ZZ/test2.html?A=&B=*&C=*
i.e: http//www.XX.com/YY/form/ZZ/test3.html?C=&D=*
All factorial combination of parameters should be show in the report and escape duplicate ones.
This is my sample query:
(splunk_server_group=default OR splunk_server_group=XX) (index=DD) host = "public*web*" "GET //www.XX.com/YY/" AND "/form/ZZ/" AND "/form/" AND ("A=" OR "B=" OR "C=" OR "D=") | rex field=_raw "A=(?[^&]) B=(?[^&]) C=(?[^&]) D=(?[^&])" | dedup A | fields host,url,A,B,C,D | table host url A B C D
... View more