Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to Alert if an IP is added to a field

shanecifaldi
Loves-to-Learn Everything
‎08-16-2021 01:28 PM

I need some help with an alert i have been stuck on. I have a DBCONNECT lookup that returns a value once a day. This value contains 18 IPs at the moment all separated by "," - for example value=1.1.1.1/24,2.2.2.2, 5.5.5.5/16.

I need an search i can create an alert off of if there is an IP added to this compared to when it was last ran. IE - search 1 at 6am had 5 IPs search 2 the next day has 6 IPs - alert.

right now i get the all the IPs in one field called "Value=" - looks like the below (ips changed for this post)

value="1.526.323.176/2,133.58.35.4/2,10.199.0.99/14

I basically need the alert to send our team an email letting us know an IP has been added and we should look into it.

 

 

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...