Splunk search for Extract DNS information from netscaler syslog
Copy
sourcetype="citrix:netscaler:syslog" DNS | rex field=_raw "^\s+(?<date>[^:]+):(?<time>[^\s]+)(?:[^:\n]*:){3}(?<source_ip>[^#]+)(?:[^/\n]*/){8}\d+#(?<dns>(?#)[_a-zA-Z0-9.-]+)(\.\/)" | eval date=date." ".time | table date, source_ip, dns | rename date as Date, source_ip as Source, dns as DNS
This search will help you to extract DNS information from netscaler syslog.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment