Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Searching a port range

EricPartington
Communicator
‎03-01-2011 01:28 PM

How can i search for matches using a port range on an extracted field?

for example:

if i want all events in port range 512-514 and i have a field extracted as dest_ip

or a larger extension, how to search using ranges of values?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

ziegfried
Influencer
‎03-01-2011 02:13 PM

You can search for ranges like this:

sourcetype=mysourcetype myfield>=512 myfield<=514

Which will give you results for events with myfield values from 512 to 514.

View solution in original post

Reply
Solved! Jump to solution
Solution

ziegfried
Influencer
‎03-01-2011 02:13 PM

You can search for ranges like this:

sourcetype=mysourcetype myfield>=512 myfield<=514

Which will give you results for events with myfield values from 512 to 514.

Reply
Solved! Jump to solution

merrymana
Engager
‎03-02-2019 03:19 PM

Could you provide an example?

0 Karma
Reply
Solved! Jump to solution

merrymana
Engager
‎03-02-2019 03:47 PM

I discovered another method to search for a range:
src_ip IN (10.10., 10.20., 10.30.)
or
dest_port IN (110, 111, 112, 113)
instead of
src_ip=10.10. OR src_ip=10.20.* OR src_ip=10.30.*
or
dest_port=110 OR dest_port=111 OR dest_port=112

Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...