How to upload a CSV file daily and compare it with...

Splunk Enterprise Security

Hello team!
I'm new to this and I need help.

I would like to upload a CSV file with the following structure to Splunk. The file is updated and uploaded daily.

Below is the structure.

malware, Bambenek Consulting, bambenek_banjori.ipset, 110, Mon Aug 27 13:08:07 UTC 2018,5.79.79.210

How could I do it? Finally, I would like with the following search for IP appears in that CSV.

index=xxx  "TCP SYN with data" (src_zone!="x" AND src_zone!="x") (dest_zone!="Inet-WAN1" AND dest_zone!="Inet-WAN2") | stats count, values(src_zone) as "Source Zone",values(dest_zone) as "Destination Zone", values(dest_ip) as dest_ip, values(threat_name) as "Threat Name", values(vendor_action) as Action, values(severity) as Severity by user,src_ip, generated_time | rename src_ip as Source_IP, dest_ip as Destination_IP, user as User, generated_time as Date |table Date, "Threat Name", Action, Severity, "Source_IP", "Destination_IP", User, "Source Zone", "Destination Zone"

Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0 mTLS wasn’t just a checkbox ...

Are you a member of the Splunk Community?