Splunk正则表达式查找数据
Splunk regular expression to find data
我正在尝试从日志下方查找 x-sw-client-id 值,即自助服务自动化。键始终相同,但值会因客户端而异。你能建议我使用正则表达式或查询来查找访问我的服务的客户数量吗?
POST : http://selfservice.host.io/service
36677 > host: billing-host.io
36677 > user-agent: unirest-java/1.2.11 32322 > x-key: self-service
36677 > x-app-name: Self_Service_Consumer
36677 > x-sw-client-id: self-service-automation
36677 > x-forwarded-for: 111.111.110.134, 120.24.519.232, 110.423.232.432
36677 > x-forwarded-host: api-qa-self-service.host.io
36677 > x-forwarded-port: 443
试试这个。您的新字段名称将是 "ClientID"
... | rex x\-sw\-client\-id\:\s(?<ClientID>\S+)
我正在尝试从日志下方查找 x-sw-client-id 值,即自助服务自动化。键始终相同,但值会因客户端而异。你能建议我使用正则表达式或查询来查找访问我的服务的客户数量吗?
POST : http://selfservice.host.io/service
36677 > host: billing-host.io
36677 > user-agent: unirest-java/1.2.11 32322 > x-key: self-service
36677 > x-app-name: Self_Service_Consumer
36677 > x-sw-client-id: self-service-automation
36677 > x-forwarded-for: 111.111.110.134, 120.24.519.232, 110.423.232.432
36677 > x-forwarded-host: api-qa-self-service.host.io
36677 > x-forwarded-port: 443
试试这个。您的新字段名称将是 "ClientID"
... | rex x\-sw\-client\-id\:\s(?<ClientID>\S+)