Using Index info to cross reference CSV and Map

Splunk Search

Hello, I have an indexed list of internal IPs that I have been able to get a count for based on a CIDR list on a CSV Lookup table:

sourcetype="rapid7:insightvm:asset" "tags{}.name"="*" index=rapid7 | dedup id | fields ip
| lookup GracoSubnet2.csv CIDR_range as ip OUTPUT CIDR_range as CIDR Latitude Longitude
| where CIDR != "NONE"
| stats count, values(ip), as Unique_IP by CIDR

This gives me a great table with a count based on how many Unique internal IPs fall under one CIDR range.

I have been unable to figure out how to take that count and reference the Lat and Lon data for those CIDRs that are in the CSV Lookup table.

Any Ideas?

Get Updates on the Splunk Community!

Using Index info to cross reference CSV and Map

count

fields

stats

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

Using Index info to cross reference CSV and Map

count

fields

stats

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future