Solved: Re: compare a previous result

jmsiegma · ‎05-07-2013

I have created a search for my VPN users, when they connect, from where they connect (SRC IP) and geoip that IP to lookup the country, city, state.

What I would like to do now is to be able to store that value, and the next time that user logs in so that I would be able to display their last IP, and Geo location information, so I can build a trend as to if that user is logging in from the same place or not.

Any way to do this?

lguinn2 · ‎05-07-2013

You could have your search results output to a csv file and then use that file as a lookup table in the future.

Here is a answer that talks about this idea, although the question is different: Lookup table populating from a saved search

Here is some info from the documentation (but you may need to read a little more about lookups, too):
Use Search Results to Populate a Lookup Table

View solution in original post

lguinn2 · ‎05-07-2013

You could have your search results output to a csv file and then use that file as a lookup table in the future.

Here is a answer that talks about this idea, although the question is different: Lookup table populating from a saved search

Here is some info from the documentation (but you may need to read a little more about lookups, too):
Use Search Results to Populate a Lookup Table

compare a previous result

New Year. New Skills. New Course Releases from Splunk Education

Splunk and TLS: It doesn't have to be too hard

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Join the Conversation

compare a previous result

New Year. New Skills. New Course Releases from Splunk Education

Splunk and TLS: It doesn't have to be too hard

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...