Solved: Presenting IP addresses as hostnames from CSV file

ac89live · ‎10-04-2020

Hello

I'm new to Splunk community and I'd like to start using Splunk as a syslog server for all traffic generated from our firewall.

We'd like to send all the logs from the firewall to the Splunk machine, using the FortiGate add-on.

Our firewall is sending the traffic log as source/destination IP address format, and we'd like to present it in the Splunk dashboard as hostnames. Like every IP subnet presented as a name. for example:

-- all source IPs from subnet 192.168.1.0/24 presented in Splunk dashboard as : company1_123_PO1_region1

-- all source IPs from subnet 192.168..2.0/24 presented in Splunk dashboard as : company2_321_PO2_region2

We already have a csv file which has all this information.

How can we accomplish this task?

Thanks

thambisetty · ‎10-05-2020

https://www.youtube.com/watch?v=cwEzgY0lAts&t=462s

————————————
If this helps, give a like below.

View solution in original post

thambisetty · ‎10-05-2020

https://www.youtube.com/watch?v=cwEzgY0lAts&t=462s

————————————
If this helps, give a like below.

Presenting IP addresses as hostnames from CSV file

alias

lookup

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation