Solved: Presenting IP addresses as hostnames from CSV file

ac89live · ‎10-04-2020

Hello

I'm new to Splunk community and I'd like to start using Splunk as a syslog server for all traffic generated from our firewall.

We'd like to send all the logs from the firewall to the Splunk machine, using the FortiGate add-on.

Our firewall is sending the traffic log as source/destination IP address format, and we'd like to present it in the Splunk dashboard as hostnames. Like every IP subnet presented as a name. for example:

-- all source IPs from subnet 192.168.1.0/24 presented in Splunk dashboard as : company1_123_PO1_region1

-- all source IPs from subnet 192.168..2.0/24 presented in Splunk dashboard as : company2_321_PO2_region2

We already have a csv file which has all this information.

How can we accomplish this task?

Thanks

thambisetty · ‎10-05-2020

https://www.youtube.com/watch?v=cwEzgY0lAts&t=462s

————————————
If this helps, give a like below.

View solution in original post

thambisetty · ‎10-05-2020

https://www.youtube.com/watch?v=cwEzgY0lAts&t=462s

————————————
If this helps, give a like below.

Presenting IP addresses as hostnames from CSV file

alias

lookup

Other

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]