
Extract routing information from Cisco router

smithjnick

Hi folks, I hope somebody can help me.

I have a network script running to pull in the routing config from my routers and am having a terrible time extracting the fields I need.
I have some regex that works in regex101 but not in Splunk for some reason when using 'rex field=_raw' at search time. Code so far is below but not perfect:

^(?<Code>[\w\*\%\+]+)\s+(?<route>(\d{1,3}\.){3}\d{1,3}(\/\d+){0,1})\s.+?,\s+(?<Interface>[\w\-\.]+)

I have fudged the IP addresses in the data sample below for obvious reasons and would greatly appreciate some help. Extractions required are:

1 - Extract Codes (example L - local, ia - IS-IS inter area, * - candidate default) into a field called 'routing_codes'.
2 - Extract individual routing code letters (examples S*, C, L etc...) into a field called 'route_code'.
3 - Extract top level routing entry (examples 10.0.0.0/8, 99.0.0.0/32, 172.107.0.0/32) into field called 'iprange'
4 - Extract individual routes (example 192.168.79.123, 172.111.242.196, 172.107.79.123) into field called 'route'
5 - Extract outgoing interfaces (example Vlan1, Vlan200, Loopback13) into field called 'interface'

Data Sample:

___________________________________________________________________________

10/09/2018 17:15:25 : Started route_scraper

Execute Command Script on Devices
4 devices selected


Devices: 4
Errors: 0
___________________________________________________________________________

router-r-s-71193-01 (10.2.199.98):

show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 89.189.89.191 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 89.189.88.190
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.71.193.0/24 is directly connected, Vlan1
L        10.71.193.1/32 is directly connected, Vlan1
      99.00.00.00/32 is subnetted, 1 subnets
C        99.99.99.199 is directly connected, Virtual-Access1.1
      172.168.0.0/32 is subnetted, 1 subnets
C        172.168.80.31 is directly connected, Loopback10
      172.168.0.0/32 is subnetted, 1 subnets
C        172.168.242.253 is directly connected, Loopback13
      192.168.80.0/32 is subnetted, 1 subnets
C        192.168.80.31 is directly connected, Loopback1


___________________________________________________________________________

router-r-s-72241-01 (10.2.199.99):

show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 88.188.88.188 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 88.189.89.189
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.72.241.0/24 is directly connected, Vlan1
L        10.72.241.1/32 is directly connected, Vlan1
      99.0.0.0/32 is subnetted, 1 subnets
C        99.99.199.198 is directly connected, Virtual-Access1.1
      172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.17.1.80/28 is directly connected, Vlan200
L        172.17.1.81/32 is directly connected, Vlan200
      172.107.0.0/32 is subnetted, 1 subnets
C        172.107.79.123 is directly connected, Loopback10
      172.111.0.0/32 is subnetted, 1 subnets
C        172.111.242.196 is directly connected, Loopback13
      192.168.79.0/32 is subnetted, 1 subnets
C        192.168.79.123 is directly connected, Loopback1


___________________________________________________________________________

thanks
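
An added example, not part of the original post: a Python sketch of the five extractions asked for above, run over a constructed sample shaped like the posted data. It assumes the scraper output arrives as one multi-line block and that child routes are indented deeper than their parent line; the function and pattern names are hypothetical, and Python writes named groups as `(?P<name>...)` where Splunk's PCRE uses `(?<name>...)`.

```python
import re

# Constructed sample shaped like the post's data (addresses are made up).
SAMPLE = """\
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       + - replicated route, % - next hop override
Gateway of last resort is 192.0.2.1 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 192.0.2.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.71.193.0/24 is directly connected, Vlan1
L        10.71.193.1/32 is directly connected, Vlan1
      172.168.0.0/32 is subnetted, 1 subnets
C        172.168.80.31 is directly connected, Loopback10
"""

IP = r"(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?"
# Legend entries "<code> - <description>", split by commas or line starts.
LEGEND = re.compile(r"(?:Codes:|,|^)[ \t]*(?P<code>[\w*%+]{1,2}) - (?P<desc>[^,\n]+)", re.M)
# Parent line: indented, no code, "<net> is [variably] subnetted".
PARENT = re.compile(rf"^[ \t]+(?P<iprange>{IP}) is (?:variably )?subnetted", re.M)
# Route line: code in column 0, prefix, optional ", <interface>" at line end.
ROUTE = re.compile(
    rf"^(?P<route_code>[A-Za-z][\w*%+]*)[ \t]+(?P<route>{IP})[ \t]"
    rf"[^\n]*?(?:,[ \t]+(?P<interface>[\w\-./]+))?[ \t]*$", re.M)

def parse_route_table(text):
    """Return (routing_codes, rows) for one device's 'show ip route' output."""
    routing_codes = {m["code"]: m["desc"].strip() for m in LEGEND.finditer(text)}
    rows, parent, parent_col = [], None, -1
    for line in text.splitlines():
        if (p := PARENT.match(line)):
            parent, parent_col = p["iprange"], p.start("iprange")
        elif (r := ROUTE.match(line)):
            # Assumption: a child route's prefix starts right of its parent's.
            child = parent is not None and r.start("route") > parent_col
            rows.append({"route_code": r["route_code"],
                         "iprange": parent if child else None,
                         "route": r["route"], "interface": r["interface"]})
    return routing_codes, rows

def first_field_hits(text, multiline):
    """Count '^code prefix' matches with and without multi-line mode."""
    pat = rf"^[A-Za-z][\w*%+]*[ \t]+{IP}"
    return len(re.findall(pat, text, re.M if multiline else 0))
```

Without multi-line mode `^` anchors only at the start of the whole text, so `first_field_hits(SAMPLE, False)` finds no route lines. In SPL the same two points apply: start the pattern with `(?m)` and pass `max_match=0` to `rex` so every route line is extracted rather than only the first.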
