Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I maintain a lookup table of host to IP mapping?

daniel333
Builder
‎07-30-2016 01:25 PM

All,

So there are situations where folks ask me to "check the logs on everything on subnet 1.2.3.x/25" Rather than by host. Especially with PCI.

Is there a meta data relationship stored in Splunk from the UF and the host name? What about syslog devices?

thanks in advance,
-Daniel

Tags (1)
0 Karma
Reply

ddrillic
Ultra Champion
‎07-31-2016 10:46 AM

You can potentially create additional meta-data fields with logical separation of these subnets. It can be via the beloved sourcetype field or any other field which you create.

0 Karma
Reply

Jarohnimo
Builder
‎07-31-2016 05:33 AM

Ypu Pretty much has it right search would be.

Index=UrIndex Sourcetype=whateverursourceis 1.2.3.*

This will return all the traffic back for that subnet only

0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...