Solved: Re: Create a table

chinhp · ‎02-16-2014

Hi I want to create a table for the below log entry

Feb 16 15:42:10 10.176.10.22 Feb 16 2014 14:42:10: %ASA-4-722051: Group User IP <36.XX.XX.116> Address <10.XX.xx.168> assigned to session

Fields :
Group = Group
User = User
PIP = <36.XX.XX.116>
LIP= <10.XX.xx.168>

Date,Time || Group || User || PIP || LIP

somesoni2 · ‎02-16-2014

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

View solution in original post

somesoni2 · ‎02-16-2014

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

somesoni2 · ‎02-17-2014

Great... Please accept the answer if there are no followup questions.

chinhp · ‎02-16-2014

awesome thanks this is working like charm

Create a table

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

New Year. New Skills. New Course Releases from Splunk Education

Join the Conversation

Create a table

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

New Year. New Skills. New Course Releases from Splunk Education