I'm using the below query as MuS suggested,
*swt* "changed state to" */*/* | rex "(?i) Interface (?P<AnInterface>[^,]+)" | rex "(?i)changed state to (?P<UpDown>.+)" | table host, AnInterface, UpDown, _time | sort -_time | reverse
Could anyone please provide the script, so that Splunk will send the below logs to Netcool.
data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38
data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38
data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08
data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08
Thanks....
Hi marees123,
I don't think this is going to happen....because:
Lots to do for you, you can start here by reading the docs about a custom search command http://docs.splunk.com/Documentation/Splunk/6.2.1/AdvancedDev/Searchscripts
I know this is not your expected answer, but it's like this - we all can help, but we will not do your work 😉
cheers, MuS
Thanks MuS... yes, I will read. Thanks again.