- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How to parse the events
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to parse the events
Type: VIP Status | Target: /Common/phutan.mayhem.com-80-int-llb | Status: The children pool member(s) either don't have service checking enabled, or service check results are not available yet | Current Conns: ;
Type: VIP Status | Target: /Common/phutan.mayhem.com-443-int-llb | Status: The virtual server is available | Current Conns: ;
Type: Pool Status | Target: /Common/phutan.mayhem.com-443-int-llb | Status: The pool is available | Current Conns: 902;
Type: Pool Member Status | Target: 31.129.119.201:8443 | Status: Forced down | Current Conns: 0;
Type: Pool Member Status | Target: 31.129.118.245:8343 | Status: Pool member is available | Current Conns: 213;
Type: Pool Member Status | Target: 30.128.179.243:8343 | Status: Forced down | Current Conns: 0;
Type: Pool Member Status | Target: 30.128.209.65:8343 | Status: Pool member is available | Current Conns: 211;
Type: Pool Member Status | Target: 30.128.409.66:7443 | Status: Pool member is available | Current Conns: 216;
Type: Pool Member Status | Target: 30.128.209.67:7343 | Status: Pool member is available | Current Conns: 247;
Above is how one of my sample events look like.
I need help in parsing the events so that the output should look like in a table format like the following with four columns Target,Status,Current_Conns, Total_Connection fetched from the event.
Target Status Current_Conns Total_Connection
31.129.119.201:8443 Forced down 0 902
31.129.118.245:8343 Pool member is available 213
30.128.179.243:8343 Pool member is available 0
30.128.209.65:8343 Pool member is available 211
30.128.409.66:7443 Pool member is available 216
30.128.209.67:7343 Pool member is available 247
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this out,
| extract pairdelim="|", kvdelim=":"
did not test it yet ...
or maybe use rex
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, I'll try your suggestion.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
