Dashboards & Visualizations

Create a table

chinhp
New Member

Hi I want to create a table for the below log entry

Feb 16 15:42:10 10.176.10.22 Feb 16 2014 14:42:10: %ASA-4-722051: Group User IP <36.XX.XX.116> Address <10.XX.xx.168> assigned to session

Fields :
Group = Group
User = User
PIP = <36.XX.XX.116>
LIP= <10.XX.xx.168>

Date,Time || Group || User || PIP || LIP

0 Karma
1 Solution

somesoni2
Revered Legend

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

View solution in original post

somesoni2
Revered Legend

Try this:

your base search | rex "Group\s\<(?<Group>[^\>]+)\>\sUser\s\<(?<User>[^\>]+)\>\sIP\s\<(?<PIP>[^\>]+)\>\sAddress\s\<(?<LIP>[^\>]+)\>" | rename _time as Date | table Date,Group,User,PIP,LIP

somesoni2
Revered Legend

Great... Please accept the answer if there are no followup questions.

0 Karma

chinhp
New Member

awesome thanks this is working like charm

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...