Dashboards & Visualizations

Create a table

chinhp
New Member

Hi I want to create a table for the below log entry

Feb 16 15:42:10 10.176.10.22 Feb 16 2014 14:42:10: %ASA-4-722051: Group User IP <36.XX.XX.116> Address <10.XX.xx.168> assigned to session

Fields :
Group = Group
User = User
PIP = <36.XX.XX.116>
LIP= <10.XX.xx.168>

Date,Time || Group || User || PIP || LIP

0 Karma
1 Solution

somesoni2
Revered Legend

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

View solution in original post

somesoni2
Revered Legend

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

somesoni2
Revered Legend

Great... Please accept the answer if there are no followup questions.

0 Karma

chinhp
New Member

awesome thanks this is working like charm

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...