Splunk Search

How to search to organize vpn tunnel status table?

zen1tsu
Loves-to-Learn Lots

Good morning\afternoon\evening community!


I've met an issue with detecting vpn tunnel interface statuses which is identified by ping data inputs
can you give some ideas on how to organize the search to print table like below ?

on first table represented the logic of detecting the status of tunnel

zen1tsu_0-1673435280594.png

 


Thanks in advance, for any response!

 

 

0 Karma

zen1tsu
Loves-to-Learn Lots

destinations are randomly generated, output of icmp requests

sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=167.68.156.4
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=90.239.46.155
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=180.206.119.58
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=6.37.163.174

 

0 Karma

zen1tsu
Loves-to-Learn Lots

for instance lets take
address A - 167.68.156.4
address B - 90.239.46.155
address C - 180.206.119.58
address D - 6.37.163.174

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @zen1tsu,

could you share saome sample data of your flow identifying the fields to use for grouping?

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...