How to search multiple dstIP traffic most efficien...

SimonM · ‎02-24-2022

Its a basic request however has been causing me grief:

Easiest / most efficient way to find Destination IP (dstip) for multiple IP list:

I regularly am supplied with a list of IP (10-20) for confirmation

Need to stop using ;

OR "" OR "" OR ""

Like to use simple lookup for multiple dstIP if possible - copy and paste IP scenario

index=? if dstip =    

1.2.3.4

2.3.4.5

3.4.5.6

4.5.6.7

| table hostname, hostip

Yes I'm learning but I super appreciate any help with this easy one > will save me hours

yuanliu · ‎02-25-2022

I am confused. Is this a simple exercise of list operator IN in search? (Search: Comparison expression options)

index=? dstip IN (
1.2.3.4,
2.3.4.5,
3.4.5.6,
4.5.6.7)
| table hostname, hostip

How to search multiple dstIP traffic most efficiently