I am working with clock sync log files. The top 3 lines have the ip address -> MAC address mapping... The rest of the lines have the offset and sync-delay details of each host with the MAC address. (format shown below). Is it possible to extract the ip address from the first three lines and map it to each log entry in my offset report.
{ "node": {"port-id": "000f:53ff:fe59:f640.1", "domain": 3, "address": "10.0.0.1" } }
{ "node": {"port-id": "000f:53ff:fe59:f720.1", "domain": 1, "address": "10.0.0.2" } }
{ "node": {"port-id": "000f:53ff:fe59:f620.2", "domain": 0, "address": "10.0.0.3" } }
{ "rx-event": {"monitor-seq-id": 0, "monitor-timestamp": "2018-01-02 03:24:08.454728", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18218, "offset-from-master": -11.000000, "mean-path-delay": 1771.000000, "sync-ingress-timestamp": 1514863478.454504073 } }
{ "rx-event": {"monitor-seq-id": 1, "monitor-timestamp": "2018-01-02 03:24:08.454730", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18219, "offset-from-master": -11.000000, "mean-path-delay": 1771.000000, "sync-ingress-timestamp": 1514863479.454501525 } }
{ "rx-event": {"monitor-seq-id": 2, "monitor-timestamp": "2018-01-02 03:24:08.454730", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18220, "offset-from-master": -11.000000, "mean-path-delay": 1771.000000, "sync-ingress-timestamp": 1514863480.454500265 } }
{ "rx-event": {"monitor-seq-id": 3, "monitor-timestamp": "2018-01-02 03:24:08.454730", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18221, "offset-from-master": -13.000000, "mean-path-delay": 1773.000000, "sync-ingress-timestamp": 1514863481.454496428 } }
{ "rx-event": {"monitor-seq-id": 4, "monitor-timestamp": "2018-01-02 03:24:08.454731", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18222, "offset-from-master": 20.000000, "mean-path-delay": 1781.000000, "sync-ingress-timestamp": 1514863482.454495132 } }
{ "rx-event": {"monitor-seq-id": 5, "monitor-timestamp": "2018-01-02 03:24:08.454732", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18223, "offset-from-master": 13.500000, "mean-path-delay": 1774.500000, "sync-ingress-timestamp": 1514863483.454491258 } }
{ "rx-event": {"monitor-seq-id": 6, "monitor-timestamp": "2018-01-02 03:24:08.454732", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18224, "offset-from-master": 13.500000, "mean-path-delay": 1774.500000, "sync-ingress-timestamp": 1514863484.454488702 } }
{ "rx-event": {"monitor-seq-id": 7, "monitor-timestamp": "2018-01-02 03:24:08.454733", "node": "000f:53ff:fe59:f640.1", "parent-port": "ec46:70ff:fe00:be6d.1", "sync-seq": 18225, "offset-from-master": 15.500000, "mean-path-delay": 1767.500000, "sync-ingress-timestamp": 1514863485.454487436 } }
{ "rx-event": {"monitor-seq-id": 8, "monitor-timestamp": "2018-01-02 03:24:08.788909", "node": "000f:53ff:fe59:f720.1", "parent-port": "ec46:70ff:fe00:be68.1", "sync-seq": 47448, "offset-from-master": 26.500000, "mean-path-delay": 1894.500000, "sync-ingress-timestamp": 1514863478.788863443 } }
{ "rx-event": {"monitor-seq-id": 9, "monitor-timestamp": "2018-01-02 03:24:08.788910", "node": "000f:53ff:fe59:f720.1", "parent-port": "ec46:70ff:fe00:be68.1", "sync-seq": 47449, "offset-from-master": 9.000000, "mean-path-delay": 1897.000000, "sync-ingress-timestamp": 1514863479.788860880 } }
{ "rx-event": {"monitor-seq-id": 10, "monitor-timestamp": "2018-01-02 03:24:08.788911", "node": "000f:53ff:fe59:f720.1", "parent-port": "ec46:70ff:fe00:be68.1", "sync-seq": 47450, "offset-from-master": 8.000000, "mean-path-delay": 1896.000000, "sync-ingress-timestamp": 1514863480.788858317 } }
{ "rx-event": {"monitor-seq-id": 11, "monitor-timestamp": "2018-01-02 03:24:08.788912", "node": "000f:53ff:fe59:f720.1", "parent-port": "ec46:70ff:fe00:be68.1", "sync-seq": 47451, "offset-from-master": 8.000000, "mean-path-delay": 1896.000000, "sync-ingress-timestamp": 1514863481.788857043 } }
{ "rx-event": {"monitor-seq-id": 12, "monitor-timestamp": "2018-01-02 03:24:08.788912", "node": "000f:53ff:fe59:f720.1", "parent-port": "ec46:70ff:fe00:be68.1", "sync-seq": 47452, "offset-from-master": 8.000000, "mean-path-delay": 1896.000000, "sync-ingress-timestamp": 1514863482.788853191 } }
{ "rx-event": {"monitor-seq-id": 13, "monitor-timestamp": "2018-01-02 03:24:08.788913", "node": "000f:53ff:fe59:f720.1", "parent-port": "ec46:70ff:fe00:be68.1", "sync-seq": 47453, "offset-from-master": -1.000000, "mean-path-delay": 1896.000000, "sync-ingress-timestamp": 1514863483.788851917 } }
{ "rx-event": {"monitor-seq-id": 14, "monitor-timestamp": "2018-01-02 03:24:08.788913", "node": "000f:53ff:fe59:f720.1", "parent-port": "ec46:70ff:fe00:be68.1", "sync-seq": 47454, "offset-from-master": -3.500000, "mean-path-delay": 1893.500000, "sync-ingress-timestamp": 1514863484.788848072 } }
I am new to Splunk and regex... please help.
... View more