Re: vpn tunnel status table

zen1tsu · ‎01-11-2023

Good morning\afternoon\evening community!

I've met an issue with detecting vpn tunnel interface statuses which is identified by ping data inputs
can you give some ideas on how to organize the search to print table like below ?

on first table represented the logic of detecting the status of tunnel

Thanks in advance, for any response!

zen1tsu · ‎01-11-2023

destinations are randomly generated, output of icmp requests

sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=167.68.156.4
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=90.239.46.155
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=180.206.119.58
sent=1 received=1 packet_loss=0 min_ping=0.397 avg_ping=0.397 max_ping=0.397 jitter=0.000 return_code=0 dest=6.37.163.174

zen1tsu · ‎01-11-2023

for instance lets take
address A - 167.68.156.4
address B - 90.239.46.155
address C - 180.206.119.58
address D - 6.37.163.174

gcusello · ‎01-11-2023

Hi @zen1tsu,

could you share saome sample data of your flow identifying the fields to use for grouping?

Ciao.

Giuseppe

How to search to organize vpn tunnel status table?

count

eval

field extraction

lookup

stats

subsearch

table

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

How to search to organize vpn tunnel status table?