I have 2 CIDR lookup files uploaded in Splunk with all necessary configurations done. fFirst Lookup file internal.csv contains data as below,
and so on....
While the second lookup file dc.csv contains data as below,
Datacenter Europe 184.108.40.206/18
Datacenter US 220.127.116.11/16
and so on...
I need a search which will show me the data where the source IP is from dc.csv range and destination IP is not from dc.csv and internal.csv CIDR range.
In short, I need a search where I can monitor traffic going outside from Datacenter.
Thanks in advance