Max TPS per client

Example1:
2017-07-20 14:12:49.647,prdtla002-05250936-002dd783ee,/whatever/v1/whatever,none,255.255.255.255,etc
or
Example2:
2017-07-20 14:12:49.644,ie2-tla04b-prd-07201200-00000019db,/whatever/v2.0/summary,none,255.255.255.255,etc

purpose:

requirements:

comments:

I have to migrate a query from Sumo to Splunk. The query looks like this in sumo: "_sourceCategory=production_bf-currency-exchange-service_cougar-access NOT "healthcheck" | parse regex "prd(?[a-zA-Z]{3,4})" | timeslice 1m | count as tpm by _timeslice, client | tpm/60 as tps | _timeslice as _messageTime | max(tps) as MAX_TPS by client | sort by MAX_TPS desc" this query only works for the first example, on top of this now I need to add a regex for the second example as well.