在kibana中,“消息”字段中的日志条目类型如下。我想从日志中搜索所有唯一/不同的URL。
我的URL格式类似于web.cluster.test.com/api / *
123.456.78.90 - a898fur6x5b10hd5 phoenix-xml login_unified "POST web.cluster.test.com/api/login_unified.php HTTP/1.1" "python-requests/2.21.0" - {"output":"xml","domain":"test","reusesess":"0","userid":"abc@test.net","pass":"<REDACTED>"} {"domain":"test","userid":"abc@test.net","pass":"<REDACTED>","mdpass":null,"reseller":null,"resellerpass":null,"reusesess":false,"output":"xml","apiuser":null,"apipass":"<REDACTED>","logout":null}
123.456.78.90 - a65oaby6x5b10hd5 phoenix-xml user_query "POST web.cluster.test.com/api/user_query.php HTTP/1.1" "python-requests/2.21.0" - {"output":"xml","domain":"test","reusesess":"0","userid":"abc@test.net","pass":"<REDACTED>"} {"domain":"test","userid":"abc@test.net","pass":"<REDACTED>","mdpass":null,"reseller":null,"resellerpass":null,"reusesess":false,"output":"xml","apiuser":null,"apipass":"<REDACTED>","logout":null}
如果我在搜索栏中使用“ web.cluster.test.com/api/*”进行搜索,则可以在搜索结果中识别出网址格式,但是它们不是唯一的。
我们如何从中获取所有唯一的URL?寻求帮助,谢谢。