Hi All,
Just a brief history to supplement my question:
We have a wireless controller sending its syslog to the Orion Platform. The syslog messages contain the "clientIP", "clientMAC", and "userName" entries, which are what I am after. I have attached a snippet of the entire syslog message (I've removed some of the values for security reasons):
@206,clientAuthorization,"apMac"="8c:7a:15:3c:c4:70","clientMac"="32:04:d7:02:eb:d7","ssid"=" ","bssid"="8c:7a:15:fc:c4:78","userId"="","wlanId"="15","iface"="wlan3",
"tenantUUID"="839f87c6-d116-497e-afce-aa8157abd30c","apName"="NM-L1-AP4","clientIP"="10.0.130.20","userName"="", "vlanId"="130","radio"="g/n/ax","encryption"="WPA2-AES",
"fwVersion"="5.2.2.0.301","model"="R650","zoneUUID"="a8afbbcd-3644-4750-b04f-350389e651c1","zoneName"="North Melbourne","timeZone"="UTC+0","apLocation"="","apGps"="",
"apIpAddress"="10.0.100.64","apIpv6Address"="","apGroupUUID"="df709528-1ef6-440e-9eb8-8e3dc9b3285e","domainId"="8b2081d5-9662-40d9-a3db-2a3cf4dde3f7","serialNumber"="122139001360",
"domainName"="Administration Domain","wlanGroupUUID"="ce63aad0-0181-11ec-8e5c-fa1b7457f008","idealEventVersion"="3.5.1","apDescription"=""
As for my question, is there a way to extract these values and add them to the custom table report?
I've been looking into SWQL as a possible solution but since I do not have any experience with SQL in the first place, it was very difficult for me to create the correct query. If you can provide some guidance as to how to achieve this, it would be very helpful.
I have also tagged all syslog messages containing those three entries for easier filtering; I'm not sure if this would help in querying those entries.
I'm hoping for the output to be somewhat like this:
Source Time | clientMac | clientIP | userName |
3:05:00 PM | 32:04:d7:02:eb:d7 | 10.0.130.20 | tilisan |
Thank you in advance.
Cheers!
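
One way to pull the three fields out of a message in the format shown above, as an added example that is not part of the original post. It is plain Python run on exported message text, not SWQL; the function names and the shortened sample message are constructed for illustration, and reading the leading `@206,clientAuthorization,` as an event code and event type is an assumption.

```python
import re

# Constructed sample, shortened from the message format shown in the post.
SAMPLE = ('@206,clientAuthorization,"apMac"="8c:7a:15:3c:c4:70",'
          '"clientMac"="32:04:d7:02:eb:d7","ssid"=" ","apName"="NM-L1-AP4",'
          '"clientIP"="10.0.130.20","userName"="", "vlanId"="130"')

# One "key"="value" pair; values may be empty or contain spaces and commas.
PAIR_RE = re.compile(r'"([^"]+)"="([^"]*)"')
# Leading "@<number>,<name>," prefix (assumed to be event code and event type).
HEADER_RE = re.compile(r'^\s*@(\d+),([^,"]+),')


def parse_event(message):
    """Return (event_code, event_type, fields); field names are lower-cased."""
    header = HEADER_RE.match(message)
    code, event_type = (header.group(1), header.group(2)) if header else (None, None)
    # Lower-case the keys so "clientMAC" and "clientMac" resolve to the same field.
    fields = {key.lower(): value for key, value in PAIR_RE.findall(message)}
    return code, event_type, fields


def report_row(source_time, message, wanted=("clientMac", "clientIP", "userName")):
    """Build one report row; a missing or empty field becomes ''."""
    _, _, fields = parse_event(message)
    return [source_time] + [fields.get(name.lower(), "") for name in wanted]


if __name__ == "__main__":
    print(" | ".join(["Source Time", "clientMac", "clientIP", "userName"]))
    print(" | ".join(report_row("3:05:00 PM", SAMPLE)))
```

Matching whole quoted pairs rather than splitting on commas keeps empty values such as `"userName"=""` and the stray space before `"vlanId"` from shifting the columns.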