Splunk Search

Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

md_zali
New Member

I have a lookup table of IP ranges with location names. I'm trying to search network traffic and add a "location" field to the result based on what IP range the src_ip falls under. I do not have access to any of the configuration files and would like to know if I can do this within the search.

Example of my lookup table (range_location.csv):
range location
50.106.56.0 /21 site_1

0 Karma

strive
Influencer
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi md_zali,
yes you can manage location lookup as a normal lookup relating the lookup's IP ranges with the search results.
Bye.
Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi md_zali,
I found a problem using CIDR that usually works in searches but it seems that doesn't match in lookups.
So a workaround is to write each address in a different row.

IP,location
10.10.10.1,site1
10.10.10.2,site1
10.10.10.3,site1
10.10.10.4,site1
10.10.10.5,site1
10.10.10.6,site2
10.10.10.7,site2
10.10.10.8,site2
10.10.10.9,site2
10.10.10.10,site2
...

so you can use a search like this
index=your_index
| lookup range_location.csv range AS IP OUTPUT location
|table _time IP location

Bye.
Giuseppe

0 Karma

md_zali
New Member

Thanks Giuseppe,
Can you please help me with the search?
As mentioned, I need to compare source IPs with the ranges and return the location as a new field.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...