I have this kind of log:
00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up
00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/5, changed state to down
How can I extract severity and interface?
TIA
Hey, try this:
index=your_index | rex field=_raw "%\w+-(?P<Severity>[^\-]+)-.*Interface\s(?P<Interface>[^\,]+)"
Also check this to see it in action:
https://regex101.com/r/IYRjiZ/1
Let me know if this helps!
Thanks, it works, but is there any way to extract description as well after interface?
Try this then:
index=your_index | rex field=_raw "%\w+-(?P<Severity>[^\-]+)-.*Interface\s(?P<Interface>[^\,]+)\,(?P<Description>.*)"
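The final pattern from this thread can be checked offline before it goes into a search. This is an added example, not code from any of the posts. It runs the pattern unchanged over the three lines from the question plus one constructed line with no interface. The `SeverityName` lookup, the whitespace trim on `Description`, and the function names are assumptions added for illustration.

```python
import re

# Pattern from the thread, unchanged; Python's re accepts the same (?P<name>...) groups.
THREAD_PATTERN = re.compile(
    r"%\w+-(?P<Severity>[^\-]+)-.*Interface\s(?P<Interface>[^\,]+)\,(?P<Description>.*)"
)

# Cisco IOS severity levels 0-7 (standard syslog numbering).
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# The three lines from the question, plus one constructed line with no interface.
SAMPLE_LINES = [
    "00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up",
    "00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/5, changed state to down",
    "00:01:02: %SYS-5-CONFIG_I: Configured from console by console",  # constructed
]


def extract(line):
    """Return the extracted fields for one log line, or None if it does not match."""
    m = THREAD_PATTERN.search(line)
    if m is None:
        return None  # rex would leave the fields unset for such an event
    sev = m.group("Severity")
    known = sev.isdigit() and int(sev) < len(SEVERITY_NAMES)
    return {
        "Severity": sev,
        "SeverityName": SEVERITY_NAMES[int(sev)] if known else None,
        "Interface": m.group("Interface"),
        # The thread's pattern also captures the space after the comma; trim it here.
        "Description": m.group("Description").strip(),
    }


def extract_all(lines):
    """Apply extract() to every line, keeping None for non-matching lines."""
    return [extract(line) for line in lines]


if __name__ == "__main__":
    for line, fields in zip(SAMPLE_LINES, extract_all(SAMPLE_LINES)):
        print(fields if fields else f"no match: {line}")
```

The constructed fourth line shows that events without an "Interface" token get no fields at all, so a search that aggregates on `Interface` silently omits them.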