Hi all,
I'd just like to know how to convert this syslog event so it can be viewed in table format in Splunk. I'm guessing this needs to be in a rex format similar to another Splunk Answers post that I saw, but I am a newbie in this area.
E.g. syslog:
Oct 3 18:57:37 abc001234 sshd[12345678]: Failed password for invalid user usr123d from 11.22.33.44 port 66778 ssh2
So the table would be something like this:
Date/time
Server (abc001234)
User (usr123d)
IP (11.22.33.44)
Port (66778)
I'd greatly appreciate your help with this! Thanks.
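Added example (not part of the question above or any answer to it): the field extraction the question asks for, written once as a Splunk `rex` pattern and then run with Python's `re` over a few constructed sshd lines so the regex can be checked offline before it goes into a search. The index name `os` in the SPL comment, the host names, users and IPs are all made up. Two practitioner notes: sshd writes `Failed password for invalid user X` when the account does not exist and `Failed password for X` when it does, so the pattern makes the `invalid user` part optional and keeps it as its own column (username guessing and attacks on real accounts are different findings); and in Splunk the syslog timestamp and host are usually already in `_time` and `host`, so `| table _time host user ip port` is often enough and the `date`/`server` groups are only needed if you want the raw text.

```python
"""sshd "Failed password" events -> table rows, with the Splunk rex alongside.

The SPL search this mirrors (index name assumed):

    index=os sourcetype=syslog "Failed password"
    | rex "<SPLUNK_REX below>"
    | table date server user ip port
    | stats count by ip     (optional: which source is hammering us)
"""
import re
from collections import Counter

# Constructed sample events. Line 1 is the format from the question; the
# others add a valid-account failure, a non-matching event and a second
# source IP so the parser and the per-IP count have something to do.
SAMPLE_LOGS = """\
Oct 3 18:57:37 abc001234 sshd[12345678]: Failed password for invalid user usr123d from 11.22.33.44 port 66778 ssh2
Oct  3 18:57:41 abc001234 sshd[12345678]: Failed password for root from 11.22.33.44 port 66780 ssh2
Oct  3 18:58:02 abc001235 sshd[23456]: Accepted publickey for deploy from 10.0.0.7 port 51022 ssh2: RSA SHA256:abcd
Oct  3 18:58:09 abc001234 sshd[12345679]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
"""

# Pattern in Splunk rex syntax (PCRE named groups). \s+ after the month
# absorbs syslog's day padding ("Oct  3" vs "Oct 3"); "invalid user " is
# optional so both sshd variants land in the same columns.
SPLUNK_REX = (
    r"^(?<date>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?<server>\S+)\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:(?<invalid>invalid user) )?(?<user>\S+) from (?<ip>\S+) port (?<port>\d+)"
)

# Python's re spells named groups (?P<name>...); rewrite only the group
# openers (the lookahead keeps lookbehinds like (?<= untouched).
_PY_RE = re.compile(re.sub(r"\(\?<(?=[A-Za-z])", "(?P<", SPLUNK_REX))


def parse_failed_password(line):
    """Fields for one syslog line, or None when it is not a Failed password event
    (Splunk's rex likewise leaves the fields empty on non-matching events)."""
    m = _PY_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "date": d["date"],
        "server": d["server"],
        "user": d["user"],
        "ip": d["ip"],
        "port": int(d["port"]),
        # True when sshd reported the account as non-existent.
        "invalid_user": d["invalid"] is not None,
    }


def parse_lines(text):
    """Parse every line of a syslog chunk, dropping non-matching events."""
    rows = (parse_failed_password(line) for line in text.splitlines())
    return [r for r in rows if r is not None]


def failures_by_ip(rows):
    """Equivalent of '| stats count by ip': a first cut at spotting brute force."""
    return Counter(r["ip"] for r in rows)


def format_table(rows, columns=("date", "server", "user", "ip", "port")):
    """Render rows as a fixed-width table, like Splunk's '| table ...' output."""
    widths = {c: max([len(c)] + [len(str(r[c])) for r in rows]) for c in columns}
    header = "  ".join(c.ljust(widths[c]) for c in columns)
    rule = "  ".join("-" * widths[c] for c in columns)
    body = ["  ".join(str(r[c]).ljust(widths[c]) for c in columns) for r in rows]
    return "\n".join([header, rule] + body)


if __name__ == "__main__":
    rows = parse_lines(SAMPLE_LOGS)
    print(format_table(rows))
    print()
    for ip, n in failures_by_ip(rows).most_common():
        print(f"{ip:<16} {n} failed logins")
```

To use the pattern in Splunk, paste `SPLUNK_REX` (with the `(?<name>...)` groups as written) into the `rex` command of the search in the docstring; the Python run is only there to prove the regex matches both sshd variants and ignores everything else before you trust it in a dashboard.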