Hello,
I am trying to acquire some input for SPL parsing a JSON file using the |spath command. Here is an example of my JSON format.
{
  "ip": "10.1.1.2",
  "hostname": "Switch_1",
  "function": "Switch Access",
  "owner": "Doughnut Co.",
  "vendor": "Cisco",
  "dev_type": "Switch",
  "ssh": true,
  "ping": true,
  "snmp": false,
  "ConnType": "cisco_ios",
  "version": "15.2(2)E6",
  "chassis_model": "WS-C2960",
  "chassis_sn": "G0T1635R11M",
  "slot_list": [
    {
      "sn": "G0T1635R11M",
      "slot": "1",
      "model": "WS-C2960"
    }
  ]
}
{
  "ip": "10.1.1.3",
  "hostname": "Switch_2",
  "function": "Switch Access",
  "owner": "Doughnut Co.",
  "vendor": "Cisco",
  "dev_type": "Switch",
  "ssh": true,
  "ping": true,
  "snmp": true,
  "ConnType": "cisco_ios",
  "version": "12.2(55)SE12",
  "chassis_model": "WS-C2960S-48FPS-L",
  "chassis_sn": "F0R1524Q11L",
  "slot_list": [
    {
      "sn": "F0R1524Q11L",
      "slot": "1",
      "model": "WS-C2960S-48FPS-L"
    }
  ]
}
==========================================================================
I need to focus on the model (chassis_model) with a correlation to the IOS (version). I know that I could add a spath statement and then a search statement for chassis_model and version, but how do I incorporate multiple searches for chassis_model and version?
Index=new dev_type=switch sourcetype="_json" ("WS-C2960*")
ping!=false last_status="connected" earliest=-1d@d latest=now
| spath version
| search version="12.2(55)SE12"
I need to be able to search for multiple switch revisions of the same switch running different IOS versions. This will work at the beginning of the search:
("WS-C2960*" version="12.2(55)SE12") OR ("WS-C2960S*" version!="15.2(2)E6")
However, I want to be able to use spath, as the search flow is easier to follow when dealing with a vast array of equipment.
*This I know will not work, but how can something similar work with an spath SPL statement?
| spath
| search "WS-C2960S*" version!="15.2(2)E9"
| spath
| search "WS-C2960*" version="12.2(55)SE12"
| dedup ip
Thank You
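An added example, not part of the original post: each `| search` in a chain only sees the events that survived the previous one, so two chained searches act as AND, and the model/version pairs have to be combined in one filter after a single extraction. This sketch assumes the field names from the sample JSON and uses a hypothetical `rule` field; the more specific `WS-C2960S%` pattern is tested first because `WS-C2960%` also matches the 2960S models.

```spl
index=new dev_type=switch sourcetype="_json" ("WS-C2960*")
    ping!=false last_status="connected" earliest=-1d@d latest=now
| spath output=chassis_model path=chassis_model
| spath output=version path=version
| eval rule=case(
    like(chassis_model, "WS-C2960S%") AND version!="15.2(2)E9", "2960S not on 15.2(2)E9",
    like(chassis_model, "WS-C2960%") AND version=="12.2(55)SE12", "2960 on 12.2(55)SE12")
| where isnotnull(rule)
| dedup ip
| table ip hostname chassis_model version rule
```

Because `case()` returns the first matching branch, a 2960S that is already on 15.2(2)E9 falls through to the second branch and is dropped unless it runs 12.2(55)SE12.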