Solved: Help with search query for non-reporting IP addres...

vinothkumark · ‎02-10-2023

Hi All,

I have a field name ip_address which has 50 IP values in it. at every 5mins interval, I will receive the same values.

ip_address

10.1.1.1
10.1.1.2
10.1.1.3
.
.
.
10.1.1.49
10.1.1.50

What are ways to list down the values which are not coming to splunk. Let's say 10.1.1.2 and 10.1.1.45 are not coming to splunk. Then I need those missing values to be listed in statistical way to create an alert for missing ip address.

What are ways to achieve this.

Please help 🙂 Thanks in advance.

richgalloway · ‎02-10-2023

Finding something that is not there is not Splunk's strong suit. See this blog entry for a good write-up on it.

https://www.duanewaddle.com/proving-a-negative/

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎02-10-2023

Finding something that is not there is not Splunk's strong suit. See this blog entry for a good write-up on it.

https://www.duanewaddle.com/proving-a-negative/

---
If this reply helps you, Karma would be appreciated.

Help with search query for non-reporting IP addresses?

eval

fields

lookup

stats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!