Splunk Newbie here. I am trying to map IP Addresses to Groups. I have SRC_IP, DEST_IP fields in my csv input. For instance, if I have 188.8.131.52 as source and 184.108.40.206 as a destination, I wanted to add fields in my table to say `220.127.116.11/24` CIDR and maps to group Printers and `18.104.22.168/24` to group PCs, for example.
I have been looking at the cidrmatch and lookup table; are these the right approaches? Any suggestions?
My input is a csv that includes source and destination IP and port numbers. Thank you in advance.