I have 2 CIDR lookup files uploaded in Splunk with all necessary configurations done. fFirst Lookup file internal.csv contains data as below,
and so on....
While the second lookup file dc.csv contains data as below,
Datacenter Europe 188.8.131.52/18
Datacenter US 184.108.40.206/16
and so on...
I need a search which will show me the data where the source IP is from dc.csv range and destination IP is not from dc.csv and internal.csv CIDR range.
In short, I need a search where I can monitor traffic going outside from Datacenter.
Thanks in advance
See if this answers your question
View solution in original post
Hi, Thanks for the link. This helped me in understanding how lookup works. And was able to write a search to monitor the traffic going outside the datacenter.