Reply

Infoblox reports "lease threshold crossed" message in separate syslog messages

New Member
Posts: 3
1207     0

Hi all,

 

wanted to know why Infoblox reports "lease threshold crossed" message in separate syslog messages, rather than a single one that would appear as one event in the splunk?

 

In the SMNP trap the information is concatenated in separate lines:

DHCP high threshold crossed:
Member: a.b.c.220
Network: a.b.c.0/24/default
Range: a.b.c.102/a.b.c.102///default/
High Trigger Mark: 90%
High Reset Mark: 85%
Current Usage: 100%
Active Leases: 1
Available Leases: 0

Total Addresses: 1 

 

would be good if it is in the same syslog message, instead that every piece of information needs to be a separate syslog message.

How to link the messages together to renders it possible for Splunk to extract the info?
We would like to see/use this alert in one line to use it in splunk.

thanks for your outputs

Re: Infoblox reports "lease threshold crossed" message in separate syslog messages

[ Edited ]
New Member
Posts: 3
1208     0

@borisurdu novels wrote:

Hi all,

 

wanted to know why Infoblox reports "lease threshold crossed" message in separate syslog messages, rather than a single one that would appear as one event in the splunk?

 

In the SMNP trap the information is concatenated in separate lines:

DHCP high threshold crossed:
Member: a.b.c.220
Network: a.b.c.0/24/default
Range: a.b.c.102/a.b.c.102///default/
High Trigger Mark: 90%
High Reset Mark: 85%
Current Usage: 100%
Active Leases: 1
Available Leases: 0

Total Addresses: 1 

 

would be good if it is in the same syslog message, instead that every piece of information needs to be a separate syslog message.

How to link the messages together to renders it possible for Splunk to extract the info?
We would like to see/use this alert in one line to use it in splunk.

thanks for your outputs


To address the "lease threshold crossed" messages appearing as separate syslog entries in Splunk, you can configure Splunk to correlate these related messages into a single event. One approach is to use Splunk's “Transaction” command to group multiple log messages based on a common identifier or timestamp.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You