
Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

New Member

I have a lookup table of IP ranges with location names. I'm trying to search network traffic and add a "location" field to the result based on what IP range the src_ip falls under. I do not have access to any of the configuration files and would like to know if I can do this within the search.

Example of my lookup table (rangelocation.csv):
range location
50.106.56.0/21 site1

0 Karma

Re: Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

Legend

Hi md_zali,
Yes, you can manage the location lookup as a normal lookup, relating the lookup's IP ranges with the search results.
Bye.
Giuseppe

0 Karma

Re: Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

New Member

Thanks Giuseppe,
Can you please help me with the search?
As mentioned, I need to compare source IPs with the ranges and return the location as a new field.

0 Karma

Re: Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

Legend

Hi md_zali,
I found a problem using CIDR: it usually works in searches, but it seems that it doesn't match in lookups.
So a workaround is to write each address in a different row.

IP,location
10.10.10.1,site1
10.10.10.2,site1
10.10.10.3,site1
10.10.10.4,site1
10.10.10.5,site1
10.10.10.6,site2
10.10.10.7,site2
10.10.10.8,site2
10.10.10.9,site2
10.10.10.10,site2
...

So you can use a search like this:
index=yourindex
| lookup rangelocation.csv range AS IP OUTPUT location
| table _time IP location

Bye.
Giuseppe

0 Karma
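The one-row-per-address table in the reply above can be generated from the CIDR lookup rather than typed by hand. This is an added example, not part of the original thread: a Python script that expands `range,location` rows into `IP,location` rows. The function name, the row cap, the most-specific-prefix-wins rule for overlapping ranges, and the sample data are assumptions.

```python
import csv
import io
import ipaddress

MAX_ROWS = 100_000  # assumed safety cap so a stray /8 cannot emit millions of rows


def expand_ranges(range_csv_text, max_rows=MAX_ROWS):
    """Expand 'range,location' CIDR rows into (IP,location CSV text, rejected rows)."""
    networks, rejected = [], []
    for row in csv.DictReader(io.StringIO(range_csv_text)):
        raw = (row.get("range") or "").replace(" ", "")  # tolerate "10.0.0.0 /24"
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.10.10.9/30
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        networks.append((net, (row.get("location") or "").strip()))

    total = sum(net.num_addresses for net, _ in networks)
    if total > max_rows:
        raise ValueError(f"{total} rows exceeds cap of {max_rows}")

    # Broad prefixes first, so more specific ranges overwrite them.
    networks.sort(key=lambda item: item[0].prefixlen)
    mapping = {}
    for net, location in networks:
        for addr in net:  # every address, including network and broadcast
            mapping[addr] = location

    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["IP", "location"])
    # Sort by (version, integer value) so IPv4 and IPv6 can coexist.
    for addr in sorted(mapping, key=lambda a: (a.version, int(a))):
        writer.writerow([str(addr), mapping[addr]])
    return out.getvalue(), rejected


# Constructed sample input, not data from the thread.
SAMPLE = """range,location
10.10.10.0/29,site1
10.10.10.4/30,site2
10.10.10.9/30,site3
192.168.1.0 /31,site4
"""

if __name__ == "__main__":
    text, bad = expand_ranges(SAMPLE)
    print(text, bad)
```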

Re: Can I use a lookup table of IP ranges + location names to add a location field to network traffic based on IP range?

Influencer
0 Karma