https://community.splunk.com/t5/Splunk-Search/Lookup-filter-based-on-time/m-p/532491#M150429 <P>Hi Everyone,</P><P>I have subnet of IP's. whenever we see any traffic from that IP's we need alert but in between we have only few serves which is authorized for next one week(or mentioned time in lookup). I have a lookup table for that having two fields&nbsp;<BR />src====== date</P><P>a.b.c.d----- epoc time(11-12-2020)</P><P>&nbsp;</P><P>Now I want a end result that&nbsp;</P><P>any IP from that subnet(UAT Subnet) and&nbsp; authorized servers access internet even after mentioned date in lookup table.</P><P>(Please note that that authorized servers are also from that UAT subnet)</P><P>create an alert.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Dec 2020 15:44:32 GMT riqbal47010 2020-12-09T15:44:32Z https://community.splunk.com/t5/Splunk-Search/Lookup-filter-based-on-time/m-p/532491#M150429 <P>Hi Everyone,</P><P>I have subnet of IP's. whenever we see any traffic from that IP's we need alert but in between we have only few serves which is authorized for next one week(or mentioned time in lookup). I have a lookup table for that having two fields&nbsp;<BR />src====== date</P><P>a.b.c.d----- epoc time(11-12-2020)</P><P>&nbsp;</P><P>Now I want a end result that&nbsp;</P><P>any IP from that subnet(UAT Subnet) and&nbsp; authorized servers access internet even after mentioned date in lookup table.</P><P>(Please note that that authorized servers are also from that UAT subnet)</P><P>create an alert.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Dec 2020 15:44:32 GMT https://community.splunk.com/t5/Splunk-Search/Lookup-filter-based-on-time/m-p/532491#M150429 riqbal47010 2020-12-09T15:44:32Z