Solved: Same ip address in different host

Anto · ‎11-30-2020

I want to catch from my index=ip the field value ip_address in common in one or more hosts.
I want to get something like this:
This IP ADDRESS is in common with 3 host

and so have a list or a chart where i can see all the ip address in common in the hosts.

Don't know how to get it, thank you in advantage.

richgalloway · ‎11-30-2020

Try this

... | stats values(host) as hosts by ip_address
| where mvcount(hosts) > 1

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Anto · ‎12-01-2020

Really thank you, is exactly what i was looking for. It works

richgalloway · ‎11-30-2020

Try this

... | stats values(host) as hosts by ip_address
| where mvcount(hosts) > 1

---
If this reply helps you, Karma would be appreciated.

Same ip address in different host

chart

count

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation