Firewall Events uri with query string

I am trying to filter the results of the firewall event to better identify potential false positives.
One issue I ran into was with a specific API endpoint in our app.

The endpoint is always called with a get request and always has two query fields.

example: endpoint\request?field1=value1&field2=value2

The issue is that when I use “uri” field in the API to find firewall rules at this endpoint the values have to be an exact match. In addition, the second field is dropped in the API request, probably because of the URL encoding.

Is there a way of doing a wildcard search here, or a different way of passing the request?

Thank you for your help.