Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to parse the events

zacksoft
Contributor
‎06-06-2018 04:26 AM

Type: VIP Status | Target: /Common/phutan.mayhem.com-80-int-llb | Status: The children pool member(s) either don't have service checking enabled, or service check results are not available yet | Current Conns: ;
Type: VIP Status | Target: /Common/phutan.mayhem.com-443-int-llb | Status: The virtual server is available | Current Conns: ;
Type: Pool Status | Target: /Common/phutan.mayhem.com-443-int-llb | Status: The pool is available | Current Conns: 902;
Type: Pool Member Status | Target: 31.129.119.201:8443 | Status: Forced down | Current Conns: 0;
Type: Pool Member Status | Target: 31.129.118.245:8343 | Status: Pool member is available | Current Conns: 213;
Type: Pool Member Status | Target: 30.128.179.243:8343 | Status: Forced down | Current Conns: 0;
Type: Pool Member Status | Target: 30.128.209.65:8343 | Status: Pool member is available | Current Conns: 211;
Type: Pool Member Status | Target: 30.128.409.66:7443 | Status: Pool member is available | Current Conns: 216;
Type: Pool Member Status | Target: 30.128.209.67:7343 | Status: Pool member is available | Current Conns: 247;

Above is how one of my sample events look like.
I need help in parsing the events so that the output should look like in a table format like the following with four columns Target,Status,Current_Conns, Total_Connection fetched from the event.

Target Status Current_Conns Total_Connection
31.129.119.201:8443 Forced down 0 902
31.129.118.245:8343 Pool member is available 213
30.128.179.243:8343 Pool member is available 0
30.128.209.65:8343 Pool member is available 211
30.128.409.66:7443 Pool member is available 216
30.128.209.67:7343 Pool member is available 247

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎06-06-2018 05:15 AM

try this out,
| extract pairdelim="|", kvdelim=":"
did not test it yet ...
or maybe use rex

Reply

zacksoft
Contributor
‎06-06-2018 05:58 AM

Thanks, I'll try your suggestion.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...