Alert on specific filepath?

I’m new to Suricata. If I had a specific folder on a server that has Suricata running (let’s say the folder is called “blog”) how do I have Suricata alert on that specific filepath when say GET or POST is used?

The rule I have now is

alert http any any -> any any (msg: “GET request”; content:“GET”; http_method; sid:99992;)

And I would’ve thought that the right modification to get what I want would be

alert http any any -> any any (msg: “GET request”; content:“GET”; content: “blog”; sid:99992;)

Or something similar. Can I use something like this

alert http any any -> any any (msg: “GET request”; content:“GET”; http_method; content: “blog”; http_uri; sid:99992;)

The real issue may be that I’m not querying it correctly. In another machine I’m using

curl /blog/

is that the right syntax for triggering those rules?

Yes. You can use both the second and third rule.
However, for accurate detection, the third rule is appropriate.

content:"GET"; content:"blog"; Identifies requests to the server with the path “blog”, but can lead to detectable problems if other values include blog.

For example,

GET / HTTP/1.1
Host: blog.server.com
...

Requests such as the above can also be detected.
The third rule is content:"GET"; http_mehtod; content:"blog"; http_uri; indicates that the value blog exists only in the URI. In other words, it does not detect that the “blog” string occurs anywhere other than the URI.

If you want to detect that the path is blog, host must be included. If the server host is server.com, it should be curl server.com/blog.