https://community.splunk.com/t5/Getting-Data-In/Need-script-to-send-logs-to-netcool/m-p/121761#M25231 <P>I'm using the below query as MuS suggested,</P> <PRE><CODE> *swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | table host, AnInterface, UpDown, _time | sort -_time | reverse </CODE></PRE> <P>Could any one please provide the script, so that splunk will send the below logs to netcool. </P> <PRE><CODE>data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38 data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38 data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08 data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08 </CODE></PRE> <P>Thanks....</P> Thu, 29 Jan 2015 05:56:21 GMT marees123 2015-01-29T05:56:21Z https://community.splunk.com/t5/Getting-Data-In/Need-script-to-send-logs-to-netcool/m-p/121761#M25231 <P>I'm using the below query as MuS suggested,</P> <PRE><CODE> *swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | table host, AnInterface, UpDown, _time | sort -_time | reverse </CODE></PRE> <P>Could any one please provide the script, so that splunk will send the below logs to netcool. </P> <PRE><CODE>data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38 data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38 data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08 data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08 </CODE></PRE> <P>Thanks....</P> Thu, 29 Jan 2015 05:56:21 GMT https://community.splunk.com/t5/Getting-Data-In/Need-script-to-send-logs-to-netcool/m-p/121761#M25231 marees123 2015-01-29T05:56:21Z https://community.splunk.com/t5/Getting-Data-In/Need-script-to-send-logs-to-netcool/m-p/121762#M25232 <P>Hi marees123,</P> <P>I don't think this is going to happen....because:</P> <UL> <LI>One must know how this could be done</LI> <LI>What netcool is and how it can receive external data</LI> <LI>Create a custom search command that reads in the Splunk search result, process the events and sends it over what ever technique to this netcool</LI> </UL> <P>Lots to do for you, you can start here by reading the docs about a custom search command <A href="http://docs.splunk.com/Documentation/Splunk/6.2.1/AdvancedDev/Searchscripts">http://docs.splunk.com/Documentation/Splunk/6.2.1/AdvancedDev/Searchscripts</A></P> <P>I know this not your expected answer, but it's like this - we all can help, but we will not do your work <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>cheers, MuS</P> Thu, 29 Jan 2015 09:45:40 GMT https://community.splunk.com/t5/Getting-Data-In/Need-script-to-send-logs-to-netcool/m-p/121762#M25232 MuS 2015-01-29T09:45:40Z https://community.splunk.com/t5/Getting-Data-In/Need-script-to-send-logs-to-netcool/m-p/121763#M25233 <P>thanks MuS...yes.. i will read. thanks again.</P> Thu, 29 Jan 2015 09:53:18 GMT https://community.splunk.com/t5/Getting-Data-In/Need-script-to-send-logs-to-netcool/m-p/121763#M25233 marees123 2015-01-29T09:53:18Z