Splunk Search

How can I build a report using my query of IP addresses with the location information off of the lookup file?

dionrivera
Path Finder

Hi Team. I have a splunk query with a list of IP addressses(Client_IP). I also have a lookup file with the IP ranges(cidr_match) which also has a location(location) fields pinpointing a location of that IP address. How can I build a report using my query of IP addresses with the location information off of the lookup file?

Labels (1)
0 Karma

yuanliu
SplunkTrust
SplunkTrust

I suppose that you have set up the lookup with match_type CIDR; the lookup theoretically would give you lat-long.  Suppose the three columns in mylookup are: cidr, lat, and long. (You should have specified these parameters in the question and not waiting for others to speculate, which can easily be off base.)  Not sure what the real question is.  Do you get error?  Unexpected output?  This will be your basic listing.  Or are you asking for a specific report format?

| lookup mylookup cidr AS Client_IP
| table Client_IP lat long

 

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...