Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Extract routing information from cisco router
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Extract routing information from cisco router
smithjnick
Path Finder
11-09-2018
04:00 PM
Hi folks, i hope somebody can help me.
I have a network script running to pull in the routing config from my routers and having a terrible time extracting the fields i need.
I have some regex that works in regex101 but not in splunk for some reason when using 'rex field=_raw' at search time. Code so far is below but not perfect:
^(?<Code>[\w\*\%\+]+)\s+(?<route>(\d{1,3}\.){3}\d{1,3}(\/\d+){0,1})\s.+?,\s+(?<Interface>[\w\-\.]+)
I have fudged the ip addresses in the data sample below for obvious reasons and would greatly appreciate some help. Extractions required are:
1 - Extract Codes (example L - local, ia - IS-IS inter area, * - candidate default) into a field called 'routing_codes'.
2 - Extract individual routing code letters (examples S*, C, L etc...) into a field called 'route_code'.
3 - Extract top level routing entry (examples 10.0.0.0/8, 99.0.0.0/32, 172.107.0.0/32) into field called 'iprange'
4 - Extract individual routes (example 192.168.79.123, 172.111.242.196, 172.107.79.123) into feild called 'route'
5 - Extract outgoing interfaces (example Vlan1, Vlan200, Loopback13) into field called 'interface'
Data Sample:
___________________________________________________________________________
10/09/2018 17:15:25 : Started route_scraper
Execute Command Script on Devices
4 devices selected
Devices: 4
Errors: 0
___________________________________________________________________________
router-r-s-71193-01 (10.2.199.98):
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 89.189.89.191 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 89.189.88.190
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.71.193.0/24 is directly connected, Vlan1
L 10.71.193.1/32 is directly connected, Vlan1
99.00.00.00/32 is subnetted, 1 subnets
C 99.99.99.199 is directly connected, Virtual-Access1.1
172.168.0.0/32 is subnetted, 1 subnets
C 172.168.80.31 is directly connected, Loopback10
172.168.0.0/32 is subnetted, 1 subnets
C 172.168.242.253 is directly connected, Loopback13
192.168.80.0/32 is subnetted, 1 subnets
C 192.168.80.31 is directly connected, Loopback1
___________________________________________________________________________
router-r-s-72241-01 (10.2.199.99):
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 88.188.88.188 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 88.189.89.189
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.72.241.0/24 is directly connected, Vlan1
L 10.72.241.1/32 is directly connected, Vlan1
99.0.0.0/32 is subnetted, 1 subnets
C 99.99.199.198 is directly connected, Virtual-Access1.1
172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.17.1.80/28 is directly connected, Vlan200
L 172.17.1.81/32 is directly connected, Vlan200
172.107.0.0/32 is subnetted, 1 subnets
C 172.107.79.123 is directly connected, Loopback10
172.111.0.0/32 is subnetted, 1 subnets
C 172.111.242.196 is directly connected, Loopback13
192.168.79.0/32 is subnetted, 1 subnets
C 192.168.79.123 is directly connected, Loopback1
___________________________________________________________________________
thanks
Get Updates on the Splunk Community!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...
Splunk APM: New Product Features + Community Office Hours Recap!
Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...
Index This | Forward, I’m heavy; backward, I’m not. What am I?
April 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with another ...
