Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How to parse the events
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to parse the events
Type: VIP Status | Target: /Common/phutan.mayhem.com-80-int-llb | Status: The children pool member(s) either don't have service checking enabled, or service check results are not available yet | Current Conns: ;
Type: VIP Status | Target: /Common/phutan.mayhem.com-443-int-llb | Status: The virtual server is available | Current Conns: ;
Type: Pool Status | Target: /Common/phutan.mayhem.com-443-int-llb | Status: The pool is available | Current Conns: 902;
Type: Pool Member Status | Target: 31.129.119.201:8443 | Status: Forced down | Current Conns: 0;
Type: Pool Member Status | Target: 31.129.118.245:8343 | Status: Pool member is available | Current Conns: 213;
Type: Pool Member Status | Target: 30.128.179.243:8343 | Status: Forced down | Current Conns: 0;
Type: Pool Member Status | Target: 30.128.209.65:8343 | Status: Pool member is available | Current Conns: 211;
Type: Pool Member Status | Target: 30.128.409.66:7443 | Status: Pool member is available | Current Conns: 216;
Type: Pool Member Status | Target: 30.128.209.67:7343 | Status: Pool member is available | Current Conns: 247;
Above is how one of my sample events look like.
I need help in parsing the events so that the output should look like in a table format like the following with four columns Target,Status,Current_Conns, Total_Connection fetched from the event.
Target Status Current_Conns Total_Connection
31.129.119.201:8443 Forced down 0 902
31.129.118.245:8343 Pool member is available 213
30.128.179.243:8343 Pool member is available 0
30.128.209.65:8343 Pool member is available 211
30.128.409.66:7443 Pool member is available 216
30.128.209.67:7343 Pool member is available 247
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this out,
| extract pairdelim="|", kvdelim=":"
did not test it yet ...
or maybe use rex
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, I'll try your suggestion.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Mile High Learning with Splunk University, Denver, Colorado
IT Service Intelligence 5.0 Series: Your Guide to the June Launch
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
