Security

source IP field

allenhau
Engager

Hello,

I am new to splunk and have not started the evaluation yet but wanted to ask this question that may be obvious.

Let's say Firewall-1 sends logs to splunk with the source IP defined as "src IP"
Firewall-2 sends logs to splunk with source IP defined as "source IP"

Would splunk automatically place it into a common filed? If so, what would that field be called? If splunk can't place it into a common field what would an admin have to do to accomplish that?

Tags (1)
0 Karma

arjunpkishore5
Motivator

Unless you explicitly override the "host" field, it'll be part of the metadata field "host"

0 Karma
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...