01-03-2024 03:12 AM
Wanted to know why Infoblox reports the "lease threshold crossed" message in separate syslog messages, rather than a single one that would appear as one event in Splunk?
In the SNMP trap the information is concatenated in separate lines:
DHCP high threshold crossed: Member: a.b.c.220 Network: a.b.c.0/24/default Range: a.b.c.102/a.b.c.102///default/ High Trigger Mark: 90% High Reset Mark: 85% Current Usage: 100% Active Leases: 1 Available Leases: 0 Total Addresses: 1
It would be good if it were in the same syslog message, instead of every piece of information being a separate syslog message.
How can we link the messages together to make it possible for Splunk to extract the info?
We would like to see/use this alert in one line to use it in Splunk.
Thanks for your input.