Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Extract routing information from cisco router
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Extract routing information from cisco router
smithjnick
Path Finder
11-09-2018
04:00 PM
Hi folks, i hope somebody can help me.
I have a network script running to pull in the routing config from my routers and having a terrible time extracting the fields i need.
I have some regex that works in regex101 but not in splunk for some reason when using 'rex field=_raw' at search time. Code so far is below but not perfect:
^(?<Code>[\w\*\%\+]+)\s+(?<route>(\d{1,3}\.){3}\d{1,3}(\/\d+){0,1})\s.+?,\s+(?<Interface>[\w\-\.]+)
I have fudged the ip addresses in the data sample below for obvious reasons and would greatly appreciate some help. Extractions required are:
1 - Extract Codes (example L - local, ia - IS-IS inter area, * - candidate default) into a field called 'routing_codes'.
2 - Extract individual routing code letters (examples S*, C, L etc...) into a field called 'route_code'.
3 - Extract top level routing entry (examples 10.0.0.0/8, 99.0.0.0/32, 172.107.0.0/32) into field called 'iprange'
4 - Extract individual routes (example 192.168.79.123, 172.111.242.196, 172.107.79.123) into feild called 'route'
5 - Extract outgoing interfaces (example Vlan1, Vlan200, Loopback13) into field called 'interface'
Data Sample:
___________________________________________________________________________
10/09/2018 17:15:25 : Started route_scraper
Execute Command Script on Devices
4 devices selected
Devices: 4
Errors: 0
___________________________________________________________________________
router-r-s-71193-01 (10.2.199.98):
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 89.189.89.191 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 89.189.88.190
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.71.193.0/24 is directly connected, Vlan1
L 10.71.193.1/32 is directly connected, Vlan1
99.00.00.00/32 is subnetted, 1 subnets
C 99.99.99.199 is directly connected, Virtual-Access1.1
172.168.0.0/32 is subnetted, 1 subnets
C 172.168.80.31 is directly connected, Loopback10
172.168.0.0/32 is subnetted, 1 subnets
C 172.168.242.253 is directly connected, Loopback13
192.168.80.0/32 is subnetted, 1 subnets
C 192.168.80.31 is directly connected, Loopback1
___________________________________________________________________________
router-r-s-72241-01 (10.2.199.99):
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 88.188.88.188 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 88.189.89.189
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.72.241.0/24 is directly connected, Vlan1
L 10.72.241.1/32 is directly connected, Vlan1
99.0.0.0/32 is subnetted, 1 subnets
C 99.99.199.198 is directly connected, Virtual-Access1.1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.1.80/28 is directly connected, Vlan200
L 172.17.1.81/32 is directly connected, Vlan200
172.107.0.0/32 is subnetted, 1 subnets
C 172.107.79.123 is directly connected, Loopback10
172.111.0.0/32 is subnetted, 1 subnets
C 172.111.242.196 is directly connected, Loopback13
192.168.79.0/32 is subnetted, 1 subnets
C 192.168.79.123 is directly connected, Loopback1
___________________________________________________________________________
thanks
Get Updates on the Splunk Community!
Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...
This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...
Elevate Your Organization with Splunk’s Next Platform Evolution
Thursday, July 10, 2025 | 11AM PDT / 2PM EDT
Whether you're managing complex deployments or looking to ...
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
