Hi I am thinking of analyzing the urls and need to extract some information. For example, for below url,
https://it.fotolia.com/id/102342882" : i will need to extract id = 102342882
https://us.fotolia.com/search?k=great+dental+smile&filters%5Bcontent_type%3Aall%5D=1&search-submit=Search" :
i will need to extract k=great+dental+smile
Is there way i can do? like what methods i should use?
Tks!
For the first example, use a grok filter. For the second example, use a grok filter to extract the part after "/search?", then use the kv filter to parse the list of key/value pairs. The resulting k field will need to be passed through a urldecode filter, but that filter won't turn the plus sign into space so I believe you need a final mutate filter with a gsub option that fixes that. Actually, you should probably put that filter before the urldecode filter.
Tks. For the 1st one, i have below config:
if [url] =~ "./.*.com/id/.*"{
grok{
match => { "url" => "..com/id/%{NUMBER: image_id}" }
}
I use conditional since this is only one format of the url. I have syntax error but i am not sure how to correct. Would you mind give some tip? Thanks!!
Well, you're never closing the conditional (i.e. there's a } missing at the end) but otherwise it should work.
You should use \.com instead of .com in the expression.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.