Hi all,
I want to monitor the status of critical Cisco ports. My goal would be to set up a list of critical ports using a CSV file, for example, and to be alerted by Splunk when a specific eventtype (port up or down) happens on a port matching my CSV file...
Here is what I did for the moment:
1) Created a lookup file (CSV format): /splunk/splunk/etc/apps/search/lookups/cisco_lookup_interfaces.csv
with the following content:
hostname,interface,description
sw-XX-c3750-01,TenGigabitEthernet3/0/1,INTERCO 1
sw-ZZ-c3650-02,TenGigabitEthernet4/0/1,INTERCO 2
sw-YY-c6450-01,GigabitEthernet3/0/52,INTERCO 3
2) I created 2 eventtypes (for port up and port down)
3) I then tried to call it and create a search, but without success...
Any help would be very cool...
NB: the goal would be to search and be alerted when an eventtype "PORT_UP" or "PORT_DOWN" corresponds to a hostname + interface contained in the CSV file. The output should display hostname + interface + description (from the CSV file) and status: UP or DOWN
Thanks a lot for your help, I really don't understand the lookup docs...
Florent
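
Added example, not part of the original post: one way to write the search the post describes, using the lookup file and the two eventtype names given above. It assumes the switch name is in the `host` field and that the full interface name is already extracted into a field named `interface` (both are assumptions, since the post shows neither the events nor the eventtype definitions).

```spl
eventtype=PORT_UP OR eventtype=PORT_DOWN
| lookup cisco_lookup_interfaces.csv hostname AS host interface OUTPUT description
| where isnotnull(description)
| eval status=if(isnotnull(mvfind(eventtype, "^PORT_UP$")), "UP", "DOWN")
| table _time host interface description status
```

Only events whose host and interface pair appears in the CSV get a `description`, so the `where` clause keeps just the critical ports; saved as an alert, it can trigger when the number of results is greater than zero. CSV lookup matching is case-sensitive by default, so the values in the events must match the spelling in the file.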