How to search to organize vpn tunnel status table?

zen1tsu · ‎01-11-2023

Good morning\afternoon\evening community!

I've met an issue with detecting vpn tunnel interface statuses which is identified by ping data inputs
can you give some ideas on how to organize the search to print table like below ?

on first table represented the logic of detecting the status of tunnel

Thanks in advance, for any response!

zen1tsu · ‎01-11-2023

destinations are randomly generated, output of icmp requests

sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=167.68.156.4
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=90.239.46.155
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=180.206.119.58
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=6.37.163.174

zen1tsu · ‎01-11-2023

for instance lets take
address A - 167.68.156.4
address B - 90.239.46.155
address C - 180.206.119.58
address D - 6.37.163.174

gcusello · ‎01-11-2023

Hi @zen1tsu,

could you share saome sample data of your flow identifying the fields to use for grouping?

Ciao.

Giuseppe

How to search to organize vpn tunnel status table?

count

eval

field extraction

lookup

stats

subsearch

table

New Year. New Skills. New Course Releases from Splunk Education

Splunk and TLS: It doesn't have to be too hard

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Join the Conversation

How to search to organize vpn tunnel status table?