Hello,
Good day!
Just want to ask if there are some here know how to extract data from Cisco log message.
Here is the example of cisco Log Message:
Line protocol on Interface GigabitEthernet1/0/26, changed state to down
I would like to extract it like the below example:
Interface: Line protocol
Data Port: GigabitEthernet1/0/26
Stae: down
Hoping for your help. Thank you in advance.
Thanks,
Pete
Using the (only) example you’ve given, you could create a Grok pattern (or a regular expression) matching that message, for example:
%{GREEDYDATA:interface} on Interface %{GREEDYDATA:data_port}, changed state to %{GREEDYDATA:state}
Hi jochen,
I have tried creating grok pattern however the fields that i created does not show up when expand logs to see the contents. It always same fields, the new fields created from grok pattern does not showing up.
Do you know why is not showing up ?
Thanks
pete
Without further information? No.
Please post all relevant configuration and a few example messages.
Thanks Jochen,
I got what you mean and it seems to work now.
Thanks again and have a great day!
Regards,
Pete
Hi Jochen,
Just want to ask if there should need to do after adding extractor using Grok pattern. I already added a new extractor using Grok pattern however the suppose to be new fields from the extractor i made were not showing up on the fields of message.
Thank you
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.