Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Extract routing information from cisco router
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Extract routing information from cisco router
smithjnick
Path Finder
11-09-2018
04:00 PM
Hi folks, i hope somebody can help me.
I have a network script running to pull in the routing config from my routers and having a terrible time extracting the fields i need.
I have some regex that works in regex101 but not in splunk for some reason when using 'rex field=_raw' at search time. Code so far is below but not perfect:
^(?<Code>[\w\*\%\+]+)\s+(?<route>(\d{1,3}\.){3}\d{1,3}(\/\d+){0,1})\s.+?,\s+(?<Interface>[\w\-\.]+)
I have fudged the ip addresses in the data sample below for obvious reasons and would greatly appreciate some help. Extractions required are:
1 - Extract Codes (example L - local, ia - IS-IS inter area, * - candidate default) into a field called 'routing_codes'.
2 - Extract individual routing code letters (examples S*, C, L etc...) into a field called 'route_code'.
3 - Extract top level routing entry (examples 10.0.0.0/8, 99.0.0.0/32, 172.107.0.0/32) into field called 'iprange'
4 - Extract individual routes (example 192.168.79.123, 172.111.242.196, 172.107.79.123) into feild called 'route'
5 - Extract outgoing interfaces (example Vlan1, Vlan200, Loopback13) into field called 'interface'
Data Sample:
___________________________________________________________________________
10/09/2018 17:15:25 : Started route_scraper
Execute Command Script on Devices
4 devices selected
Devices: 4
Errors: 0
___________________________________________________________________________
router-r-s-71193-01 (10.2.199.98):
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 89.189.89.191 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 89.189.88.190
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.71.193.0/24 is directly connected, Vlan1
L 10.71.193.1/32 is directly connected, Vlan1
99.00.00.00/32 is subnetted, 1 subnets
C 99.99.99.199 is directly connected, Virtual-Access1.1
172.168.0.0/32 is subnetted, 1 subnets
C 172.168.80.31 is directly connected, Loopback10
172.168.0.0/32 is subnetted, 1 subnets
C 172.168.242.253 is directly connected, Loopback13
192.168.80.0/32 is subnetted, 1 subnets
C 192.168.80.31 is directly connected, Loopback1
___________________________________________________________________________
router-r-s-72241-01 (10.2.199.99):
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 88.188.88.188 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 88.189.89.189
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.72.241.0/24 is directly connected, Vlan1
L 10.72.241.1/32 is directly connected, Vlan1
99.0.0.0/32 is subnetted, 1 subnets
C 99.99.199.198 is directly connected, Virtual-Access1.1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.1.80/28 is directly connected, Vlan200
L 172.17.1.81/32 is directly connected, Vlan200
172.107.0.0/32 is subnetted, 1 subnets
C 172.107.79.123 is directly connected, Loopback10
172.111.0.0/32 is subnetted, 1 subnets
C 172.111.242.196 is directly connected, Loopback13
192.168.79.0/32 is subnetted, 1 subnets
C 192.168.79.123 is directly connected, Loopback1
___________________________________________________________________________
thanks
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
