AbsoluteUri=https://website.api.net/hch6348/relay/6bcb449b-7d85-4f71-a6f4-fae37808627f-udcc1.crp.hs.com/script/wnbr.dll
AbsoluteUri=https://website.api.net/hch6348/health
I have a field with a uri that looks like either of the above. I want to extract the word "relay" or "health" from the url into a field called apiEndpoint.
I've tried piping the field into this regex, but I cannot get it right: | rex "AbsoluteUri\":\"((\/.+?)(\/.+?)?<apiEndpoint>\/?)"
I have not been able to find an example like this on the Splunk forums. Any help would be appreciated
... View more