Solved: help with spl - ntp

iherb_0718 · ‎01-13-2021

Looking for help with a splunk search syntax.

index=*

sourcetype=asa

I want to search for dest_port of 123 where the dest_ip does NOT equal 172.16.0.0/16 or 10.0.0.0/8

Basically I want to see dest_port of 123 where the dest_IP is a public IP and not any of my internal IP range.

scelikok · ‎01-13-2021

You can use below query;

index=* sourcetype=asa dest_port=123 dest_ip!="172.16.0.0/16" dest_ip!="10.0.0.0/8"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

scelikok · ‎01-13-2021

You can use below query;

index=* sourcetype=asa dest_port=123 dest_ip!="172.16.0.0/16" dest_ip!="10.0.0.0/8"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

help with spl - ntp