Grok and regex on an URL

Question

Given the following as an input:

https://api.example.net:443/v1/domain/action
https://api.exmaple.net:443/v2/domain/action?tag=test
https://api.example.net:443/v3/domain/action/test

What Grok regular expression can break all of the above into:

{
  "request_endpoint": [
    [
      "https://api.example.net:443"
    ]
  ],
  "request_version": [
    [
      "v3"
    ]
  ],
  "request_domain": [
    [
      "domain"
    ]
  ],
  "request_api": [
    [
      "action"
    ]
  ]
}

This is the closest I was able to get, but there's an /n if the first example is passed:

/(?<request_endpoint>[^/]+)+/(?<request_version>[^/]+)+/(?<request_domain>[^/]+)/(?<request_api>[^/!\?]+)

I was testing with https://grokdebug.herokuapp.com/

score 0 · Answer 1 · answered Nov 15 '19 at 20:15

0

I think this solves it, I was getting the newline character because my test string had that :(

/(?<request_endpoint>[^/]+)+/(?<request_version>[^/]+)+/(?<request_domain>[^/]+)/(?<request_api>[^/!\?]+)

answered Nov 15 '19 at 20:15

o1o1o11o1

39
1
6

Grok and regex on an URL

1 Answers1