topic Re: Syslog failed event to be viewed in a table format? in Dashboards & Visualizations https://community.splunk.com/t5/Dashboards-Visualizations/Syslog-failed-event-to-be-viewed-in-a-table-format/m-p/220924#M43550 <P>Start with extracting the interesting fields, here is a link to some info:<BR /> <A href="http://docs.splunk.com/Splexicon:Fieldextraction">http://docs.splunk.com/Splexicon:Fieldextraction</A></P> <P>Then try a search something like:<BR /> Index=* sourcetype=syslog Failed | table _time Server User IP Port</P> <P>Here is a link to some educaton videos as well: <A href="https://www.splunk.com/view/education-videos/SP-CAAAGB6">https://www.splunk.com/view/education-videos/SP-CAAAGB6</A><BR /> Try searching Youtube for some beginner videos also.</P> Tue, 04 Oct 2016 18:49:34 GMT mydog8it 2016-10-04T18:49:34Z Syslog failed event to be viewed in a table format? https://community.splunk.com/t5/Dashboards-Visualizations/Syslog-failed-event-to-be-viewed-in-a-table-format/m-p/220923#M43549 <P>Hi all,</P> <P>Just like to know how to convert this syslog log event to be viewed as a table format in Splunk? Guessing this needs be in a rex format similar to another splunk answer post that i saw but i am newbie in this area. </P> <P>EG Syslog:<BR /> Oct 3 18:57:37 abc001234 sshd[12345678]: Failed password for invalid user usr123d from 11.22.33.44 port 66778 ssh2</P> <P>So the table would be something like this<BR /> Date/time<BR /> Server (abc001234)<BR /> User (usr123d)<BR /> IP (11.22.33.44)<BR /> Port (66778)</P> <P>Greatly appreciate your help in this! Thanks.</P> Tue, 04 Oct 2016 02:29:25 GMT https://community.splunk.com/t5/Dashboards-Visualizations/Syslog-failed-event-to-be-viewed-in-a-table-format/m-p/220923#M43549 SanjeewaF3 2016-10-04T02:29:25Z Re: Syslog failed event to be viewed in a table format? https://community.splunk.com/t5/Dashboards-Visualizations/Syslog-failed-event-to-be-viewed-in-a-table-format/m-p/220924#M43550 <P>Start with extracting the interesting fields, here is a link to some info:<BR /> <A href="http://docs.splunk.com/Splexicon:Fieldextraction">http://docs.splunk.com/Splexicon:Fieldextraction</A></P> <P>Then try a search something like:<BR /> Index=* sourcetype=syslog Failed | table _time Server User IP Port</P> <P>Here is a link to some educaton videos as well: <A href="https://www.splunk.com/view/education-videos/SP-CAAAGB6">https://www.splunk.com/view/education-videos/SP-CAAAGB6</A><BR /> Try searching Youtube for some beginner videos also.</P> Tue, 04 Oct 2016 18:49:34 GMT https://community.splunk.com/t5/Dashboards-Visualizations/Syslog-failed-event-to-be-viewed-in-a-table-format/m-p/220924#M43550 mydog8it 2016-10-04T18:49:34Z