Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Predefined Group

balcv
Communicator
‎01-22-2020 03:18 PM

What is the best way to define a "group" of ip subnets called server_subnet then use that in searches.

I have about 19 subnets used to host our server fleet and I would like to define these subnets and assign a name such as server_subnets so I can then write a search that references that name. For example

index="*" src_ip="server_subnets" | stats count by host

OR

index="*" dest_ip!="server_subnets"

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎01-22-2020 11:53 PM

@balcv ,

You may use tags or eventtypes to group fields/values

Most of the options are detailed in the Classify and group similar events

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎01-22-2020 11:53 PM

@balcv ,

You may use tags or eventtypes to group fields/values

Most of the options are detailed in the Classify and group similar events

View solution in original post

Reply
Get Updates on the Splunk Community!