Splunk Enterprise Security

How to upload a CSV file daily and compare it with a search?

christianubeda
Path Finder

Hello team!
I'm new to this and I need help.

I would like to upload a CSV file with the following structure to Splunk. The file is updated and uploaded daily.

Below is the structure.

malware, Bambenek Consulting, bambenek_banjori.ipset, 110, Mon Aug 27 13:08:07 UTC 2018,5.79.79.210

How could I do it? Finally, I would like with the following search for IP appears in that CSV.

index=xxx  "TCP SYN with data" (src_zone!="x" AND src_zone!="x") (dest_zone!="Inet-WAN1" AND dest_zone!="Inet-WAN2") | stats count, values(src_zone) as "Source Zone",values(dest_zone) as "Destination Zone", values(dest_ip) as dest_ip, values(threat_name) as "Threat Name", values(vendor_action) as Action, values(severity) as Severity by user,src_ip, generated_time | rename src_ip as Source_IP, dest_ip as Destination_IP, user as User, generated_time as Date |table Date, "Threat Name", Action, Severity, "Source_IP", "Destination_IP", User, "Source Zone", "Destination Zone"
0 Karma
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog
Get Updates on the Splunk Community!

Index This | What’s a riddle wrapped in an enigma?

September 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...