All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

IOS-XR syslog events not matching regex to transform

jgcsco
Path Finder
‎05-22-2018 08:06 PM

I have following syslog events from same IOS XR device:

May 22 01:01:01 10.10.0.1 1618: 5502-1.lab.com RP/0/RP0/CPU0:2018 May 22 01:09:29.318 UTC: isis[1010]: %ROUTING-ISIS-5-ADJCHANGE : Adjacency to mrstn-5501-3.cisco.com (HundredGigE0/0/0/3) (L2) Up, New adjacency
May 22 01:01:01 10.10.0.1 1614: 5502-1.lab.com LC/0/0/CPU0:2018 May 22 01:09:29.303 UTC: ifmgr[178]: %PKT_INFRA-LINK-3-UPDOWN : Interface HundredGigE0/0/0/3, changed state to Up

The above two are transformed properly. However the following one is not:

May 23 01:52:09 10.10.0.1 4566: 5502-1.lab.com 0/RP0/ADMIN0:2018 May 23 02:00:44.582 UTC: envmon[2269]: %PKT_INFRA-FM-2-FAULT_CRITICAL : ALARM_CRITICAL :temperature alarm :DECLARE :0/RP0: CPU-Inlet has raised a temperature alarm with value of -19

I have tried to change the regex in transforms.conf based on the recommendation in the posted link text, but could not get it work.

I am running Cisco Networks Add-on 2.5.4.

Any suggestions?

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...