Solved: Re: Create a table

chinhp · ‎02-16-2014

Hi I want to create a table for the below log entry

Feb 16 15:42:10 10.176.10.22 Feb 16 2014 14:42:10: %ASA-4-722051: Group User IP <36.XX.XX.116> Address <10.XX.xx.168> assigned to session

Fields :
Group = Group
User = User
PIP = <36.XX.XX.116>
LIP= <10.XX.xx.168>

Date,Time || Group || User || PIP || LIP

somesoni2 · ‎02-16-2014

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

View solution in original post

somesoni2 · ‎02-16-2014

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

somesoni2 · ‎02-17-2014

Great... Please accept the answer if there are no followup questions.

chinhp · ‎02-16-2014

awesome thanks this is working like charm

Create a table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation