I would like to extract, using a regex in Splunk, the value of ~Address: : from the log body below:
{"severity":"DEBUG","logger":"com.api.test.api.LogFilter","thread":"http-nio-8084-exec-2","message":"2023-02-01 20:01:06 [http-nio-8084-exec-2] DEBUG c.a.p.utils.api.filter.LogFilter - ~APP: API-Parametrage\r\n~Uuid: 6b7639f9-4e3c-491f-b3dd-ded494244f2a\r\n\r\nREQUEST **********************************\r\n~Address: : blablahost:80\/api\/cars\/bmw\/g\/v1\r\n~Encoding: UTF-8\r\n~Http-Method: POST\r\n~Content-Type: application\/json;charset=UTF-8\r\n}
My expected result is: http://blablahost:80/api/cars/bmw/g/v1
I have used this regex, but it doesn't work for me: Address: (.*?(?:(?!Encoding).)*)
How can I select up until the line break just before the \r\n~Encoding:?
Many thanks.
Tried : Address: (.*?(?:(?!Encoding).)*)
Expected : http://blablahost:80/api/cars/bmw/g/v1
This regex will take everything from the second ":" following "Address" until the "\r". It assumes the "\r" are two literal characters rather than a carriage return.

    Address: : (?<URL>.*?)\\r

If the \r is really a line ender then this regex is more efficient.

    Address: : (?<URL>\S+)
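The difference between the two patterns in the answer above, shown as an added example that is not part of the original thread. Python stands in for Splunk's regex engine here (so the named group is spelled `(?P<URL>...)`), and the event is a constructed, shortened copy of the one in the question.

```python
import json
import re

# Constructed sample: a shortened, well-formed version of the event in the question.
# In the raw event each line break is the two characters backslash + "r" (then
# backslash + "n"), and every slash is JSON-escaped as "\/".
RAW_EVENT = (
    r'{"severity":"DEBUG","message":"~APP: API-Parametrage\r\n'
    r'REQUEST ****\r\n~Address: : blablahost:80\/api\/cars\/bmw\/g\/v1\r\n'
    r'~Encoding: UTF-8\r\n~Http-Method: POST\r\n"}'
)

# The answer's two patterns. Python writes a named group as (?P<name>...);
# the answer's (?<name>...) form is the PCRE spelling.
LITERAL_BACKSLASH_R = re.compile(r'Address: : (?P<URL>.*?)\\r')
REAL_LINE_ENDING = re.compile(r'Address: : (?P<URL>\S+)')


def extract(pattern, text):
    """Return the captured URL group, or None when the pattern does not match."""
    m = pattern.search(text)
    return m.group('URL') if m else None


def results():
    raw = RAW_EVENT                             # text as stored: escapes are literal
    decoded = json.loads(RAW_EVENT)['message']  # JSON-decoded: real CR/LF, plain "/"
    return {
        'raw/literal': extract(LITERAL_BACKSLASH_R, raw),
        'raw/nonspace': extract(REAL_LINE_ENDING, raw),
        'decoded/literal': extract(LITERAL_BACKSLASH_R, decoded),
        'decoded/nonspace': extract(REAL_LINE_ENDING, decoded),
    }


if __name__ == '__main__':
    for case, value in results().items():
        print(f'{case:18} -> {value!r}')
```

On the raw text the `\S+` pattern runs past the literal `\r\n` and into `~Encoding:`, and the captured value still carries the `\/` escapes; neither pattern adds the `http://` prefix shown in the expected result.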