×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
raki
New Member
Member since: ‎02-20-2012
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-20-2012
Activity Feed
View All

SNMP data parsing

by in Getting Data In
‎02-22-2012 04:41 AM
‎02-22-2012 04:41 AM
Hi I have taken SNMP data into splunk through a CSV conversion of polled data. The sample data looks as below 1.cgdAnswerType.173, .1.3.6.1.4.1.9.9.595.1.5.2.1.2.173,Integer,2 2.cgdAnswerAddress.173, .1.3.6.1.4.1.9.9.595.1.5.2.1.4.173, Octetstring, 10.1.1.1 3.cgdAnswerName.173, .1.3.6.1.4.1.9.9.595.1.5.2.1.5.173,OctetString,www.example.com The challenge I have is a) the common factor is a random number and it is part of the field and not a value. Also the value of one field is another field such as cgdAnswerName is www.example.com. I tried extract with delimiters of '.' but didnt work out. How can I use 173 in this case as a field and b) Table the output as Number | cgdAnswertype =2 | cgdAnswerAddress = 10.1.1.1 | cgdAnswerName = www.example.com Thanks in advance ... View more

Re: Report required from Syslog data from Cisco AC...

by in Getting Data In
‎02-21-2012 02:38 AM
‎02-21-2012 02:38 AM
Thanks Ayn, have been trying the transaction method without any success. Anyway applied your searches and here are the results a) The transaction method works perfect. ONe question I have though is how can I group the table by username such as a single username has multiple records. I would want to publish a report by username and all associated records b) The stats method works but is there a way I can get the duration as in transaction than Acc_Session_Time as reported by ACS ... View more

Report required from Syslog data from Cisco ACS

by in Getting Data In
‎02-20-2012 09:28 PM
‎02-20-2012 09:28 PM
I have a Cisco ACS serving radius requests for VPN users. The syslog is configured for splunk and is able to receive data and index all fields. Following are the sample log texts shown for a particular user (XXXX_user93) (only interesting fields) a) RADIUS Start record Feb 21 10:32:34 2012-02-21 10:32:34.134 +05:30 NOTICE Radius-Accounting: RADIUS Accounting start request, NetworkDeviceName=XXXX_Roam_Connect, User-Name=XXXX_user93, Framed-IP-Address=10.32.38.93, Calling-Station-ID=113.128.64.130, NAS-Identifier= YYYY-FG-MUMENT, Acct-Status-Type=Start, Acct-Session-Id=00a2fc9c, AcsSessionID= INMAA-TDL-ACS-I/112925452/1282834, b)Corresponding RADIUS Stop record Feb 21 10:32:41 2012-02-21 10:32:41.127 +05:30 NOTICE Radius-Accounting: RADIUS Accounting stop request, NetworkDeviceName=XXXX_Roam_Connect, User-Name=XXXX_user93, Framed-IP-Address=10.32.38.93, Calling-Station-ID=113.128.64.130, NAS-Identifier=YYYY-FG-MUMENT, Acct-Status-Type=Stop, Acct-Session-Id=00a2fc9c, Acct-Session-Time=468, Acct-Terminate-Cause=NAS Error, AcsSessionID=INMAA-TDL-ACS-I/112925452/1282838 The start and stop requests are correlated by the field Acct-Session-Id for which the value would be the same for a particular users start and stop record. What we are looking is a daily, weekly, monthly report in a tabular format, something similar to this NetworkDeviceName | Username | Starttime | Endtime | Acct-Session-Id | Acct-Session-Time I have tried with no success We are currently evaluating Splunk and would like help in achieving the above. Have searched for apps in Splunk base and couldnt find any. Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM