Hi All,
I want a small addition to the output values.
Code am using :
| inputlookup ONMS_nodes.csv
| table nodelabel
| join type=outer nodelabel [ search
index=opennms "uei.opennms.org/nodes/nodeUp" OR "uei.opennms.org/nodes/nodeDown"
| rex field=eventuei "uei.opennms.org/nodes/node(?<Status>.+)"
| stats max(_time) as Time latest(Status) as Status by nodelabel
| table nodelabel Status ]
| table nodelabel Status
Output table :
nodelabel Status
| INBLR-LANCCO001 | Up |
| INBLR-LANCUA002 | Up |
| INBLR-LANCUA004 | Up |
| INBLR-LANCUA006 | Up |
| INBLR-LANCUA007 | |
| INBLR-LANCUA008 | Up |
| INBLR-WANRTC001 | Up |
| INBLR-WANRTC002 | Up |
| INBLR-WANRTC003 | |
Reason some device not having status is, SNMP polling didnt happened for that device.
I want a simplified output as expected below.
Additional line of code:
| eval Device= nodelabel." [".Status."]"
Device
| INBLR-LANCCO001 [Up] |
| INBLR-LANCUA002 [Up] |
| INBLR-LANCUA004 [Up] |
| INBLR-LANCUA006 [Up] |
| |
| INBLR-LANCUA008 [Up] |
| INBLR-WANRTC001 [Up] |
| INBLR-WANRTC002 [Up] |
| |
Am not getting values for that missing SNMP devices. But i need that devices too in the table with [Failed] marked.
please help me with it.
