Splunk Enterprise Security

How to upload a CSV file daily and compare it with a search?

christianubeda
Path Finder

Hello team!
I'm new to this and I need help.

I would like to upload a CSV file with the following structure to Splunk. The file is updated and uploaded daily.

Below is the structure.

malware, Bambenek Consulting, bambenek_banjori.ipset, 110, Mon Aug 27 13:08:07 UTC 2018,5.79.79.210

How could I do it? Finally, I would like the following search to show whether the IP appears in that CSV.

index=xxx "TCP SYN with data" (src_zone!="x" AND src_zone!="x") (dest_zone!="Inet-WAN1" AND dest_zone!="Inet-WAN2")
| stats count, values(src_zone) as "Source Zone", values(dest_zone) as "Destination Zone", values(dest_ip) as dest_ip, values(threat_name) as "Threat Name", values(vendor_action) as Action, values(severity) as Severity by user, src_ip, generated_time
| rename src_ip as Source_IP, dest_ip as Destination_IP, user as User, generated_time as Date
| table Date, "Threat Name", Action, Severity, "Source_IP", "Destination_IP", User, "Source Zone", "Destination Zone"
0 Karma
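An added example (not part of the original thread, and not an official Splunk answer) of one way to do this without a manual daily upload: index the CSV as it arrives, rebuild a lookup table from it with a scheduled search, then enrich the firewall search with that lookup. It assumes the CSV is monitored as a file input with sourcetype `bambenek_feed`, a lookup definition named `bambenek_ips` has been created (Settings > Lookups > Lookup definitions) over the file `bambenek_ips.csv`, and the six columns are named `category,provider,feed,score,updated,ip`; those names are assumptions, since the posted file has no header row. The index `xxx` and the zone filters are taken from the post as written.

```spl
sourcetype=bambenek_feed earliest=-24h@h
| rex field=_raw "^(?<category>[^,]*),\s*(?<provider>[^,]*),\s*(?<feed>[^,]*),\s*(?<score>[^,]*),\s*(?<updated>[^,]*),\s*(?<ip>[^,\s]+)\s*$"
| where cidrmatch("0.0.0.0/0", ip)
| dedup ip
| table category, provider, feed, score, updated, ip
| outputlookup bambenek_ips.csv

index=xxx "TCP SYN with data" (src_zone!="x" AND src_zone!="x") (dest_zone!="Inet-WAN1" AND dest_zone!="Inet-WAN2")
| lookup bambenek_ips ip AS src_ip OUTPUT feed AS feed_name, provider AS feed_provider
| where isnotnull(feed_name)
| stats count, values(src_zone) AS "Source Zone", values(dest_zone) AS "Destination Zone", values(dest_ip) AS dest_ip, values(threat_name) AS "Threat Name", values(vendor_action) AS Action, values(severity) AS Severity, values(feed_name) AS Feed BY user, src_ip, generated_time
| rename src_ip AS Source_IP, dest_ip AS Destination_IP, user AS User, generated_time AS Date
| table Date, "Threat Name", Feed, Action, Severity, Source_IP, Destination_IP, User, "Source Zone", "Destination Zone"
```

The first search is meant to run on a daily schedule shortly after the file lands: the `rex` strips the leading spaces the sample shows after each comma (a lookup match on `ip` is exact, so stray whitespace would silently prevent matches), `cidrmatch("0.0.0.0/0", ip)` drops any row whose last column is not a valid IPv4 address, and `outputlookup` overwrites the lookup file so the search head owns the current copy (and, in a search head cluster, replicates it, which a file dropped into a `lookups/` directory by hand does not). The second search is the posted search with a `lookup` added before `stats`; `where isnotnull(feed_name)` keeps only events whose `src_ip` is in the feed. If the list is small (well under the default 10,000 subsearch result limit), an alternative is a subsearch in the base search, `[| inputlookup bambenek_ips.csv | fields ip | rename ip AS src_ip]`, which filters at the indexers instead of after the events are returned.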