在 kibana 中,我在“消息”字段中有以下类型的日志条目。我想从日志中搜索所有唯一/不同的 URL。
我的 URL 格式类似于 web.cluster.test.com/api/*
123.456.78.90 - a898fur6x5b10hd5 phoenix-xml login_unified "POST web.cluster.test.com/api/login_unified.php HTTP/1.1" "python-requests/2.21.0" - {"output":"xml","domain":"test","reusesess":"0","userid":"abc@test.net","pass":"<REDACTED>"} {"domain":"test","userid":"abc@test.net","pass":"<REDACTED>","mdpass":null,"reseller":null,"resellerpass":null,"reusesess":false,"output":"xml","apiuser":null,"apipass":"<REDACTED>","logout":null}
123.456.78.90 - a65oaby6x5b10hd5 phoenix-xml user_query "POST web.cluster.test.com/api/user_query.php HTTP/1.1" "python-requests/2.21.0" - {"output":"xml","domain":"test","reusesess":"0","userid":"abc@test.net","pass":"<REDACTED>"} {"domain":"test","userid":"abc@test.net","pass":"<REDACTED>","mdpass":null,"reseller":null,"resellerpass":null,"reusesess":false,"output":"xml","apiuser":null,"apipass":"<REDACTED>","logout":null}
如果我在搜索栏中使用“web.cluster.test.com/api/*”进行搜索,它会在搜索结果中为我提供模式 URL,但它们不是唯一的。
我们如何从中获取所有唯一的 URL?感谢您的帮助并感谢您。