
Presenting IP addresses as hostnames from CSV file

ac89live
Explorer

Hello

I'm new to the Splunk community and I'd like to start using Splunk as a syslog server for all traffic generated from our firewall.

We'd like to send all the logs from the firewall to the Splunk machine, using the FortiGate add-on.

 

Our firewall sends the traffic log in source/destination IP address format, and we'd like to present it in the Splunk dashboard as hostnames, with every IP subnet presented as a name. For example:

-- all source IPs from subnet 192.168.1.0/24 presented in Splunk dashboard as: company1_123_PO1_region1

-- all source IPs from subnet 192.168.2.0/24 presented in Splunk dashboard as: company2_321_PO2_region2

We already have a CSV file which has all this information.

How can we accomplish this task?

 

Thanks


thambisetty
SplunkTrust

https://www.youtube.com/watch?v=cwEzgY0lAts&t=462s

————————————
If this helps, give a like below.
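
One way to do this with a CSV lookup matched by CIDR range, as an added example that is not part of the original thread or the linked video. The lookup name `fw_subnet_names`, the CSV columns `subnet` and `name`, and the event fields `srcip`/`dstip` are assumptions; substitute the columns your CSV has and the field names your FortiGate add-on extracts.

```ini
# lookups/fw_subnet_names.csv (constructed sample; column names are assumptions):
#   subnet,name
#   192.168.1.0/24,company1_123_PO1_region1
#   192.168.2.0/24,company2_321_PO2_region2

# transforms.conf, in the same app that holds the CSV
[fw_subnet_names]
filename = fw_subnet_names.csv
# Match the "subnet" column as CIDR ranges instead of exact strings
match_type = CIDR(subnet)
# Return one name per IP; when subnets overlap, the first matching row
# in file order wins, so list the more specific subnets first
max_matches = 1
# Return a fixed value when an IP falls in none of the listed subnets,
# so unmapped addresses stay visible on the dashboard
min_matches = 1
default_match = unknown

# Search (SPL) that adds the names to the firewall events;
# <your_index> is a placeholder:
#   index=<your_index>
#   | lookup fw_subnet_names subnet AS srcip OUTPUT name AS src_name
#   | lookup fw_subnet_names subnet AS dstip OUTPUT name AS dst_name
#   | stats count BY src_name, dst_name
```

The lookup definition has to be shared with the app (or globally) that runs the dashboard's searches; a malformed entry in the `subnet` column will not match any address, so validate the CSV before uploading it.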
