Hello team!
I'm new to this and I need help.
I would like to upload a CSV file with the following structure to Splunk. The file is updated and uploaded daily.
Below is the structure.
malware, Bambenek Consulting, bambenek_banjori.ipset, 110, Mon Aug 27 13:08:07 UTC 2018,5.79.79.210
How could I do it? Finally, I would like to use the following search to find whether an IP appears in that CSV.
index=xxx "TCP SYN with data" (src_zone!="x" AND src_zone!="x") (dest_zone!="Inet-WAN1" AND dest_zone!="Inet-WAN2") | stats count, values(src_zone) as "Source Zone",values(dest_zone) as "Destination Zone", values(dest_ip) as dest_ip, values(threat_name) as "Threat Name", values(vendor_action) as Action, values(severity) as Severity by user,src_ip, generated_time | rename src_ip as Source_IP, dest_ip as Destination_IP, user as User, generated_time as Date |table Date, "Threat Name", Action, Severity, "Source_IP", "Destination_IP", User, "Source Zone", "Destination Zone"
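One practical step before uploading a feed like this as a Splunk lookup is to give it a header row and clean it, because the daily file has no column names, carries spaces after the commas, and may contain duplicate or malformed addresses. The script below is an added example, not code from the original post; the column names (`ip`, `category`, `source`, `feed`, `count`, `updated`) and the sample feed lines other than the one shown in the post are assumptions constructed for the demonstration.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Assumed column names: the daily feed on the page has no header row,
# but a Splunk CSV lookup needs one. The IP goes first so it is the
# obvious lookup key.
LOOKUP_FIELDS = ["ip", "category", "source", "feed", "count", "updated"]

# Constructed sample: line 1 is the structure from the post, line 2 a
# duplicate IP, line 3 an address that is not valid, line 4 truncated.
SAMPLE_FEED = """\
malware, Bambenek Consulting, bambenek_banjori.ipset, 110, Mon Aug 27 13:08:07 UTC 2018,5.79.79.210
malware, Bambenek Consulting, bambenek_banjori.ipset, 110, Mon Aug 27 13:08:07 UTC 2018, 5.79.79.210
malware, Example Feed, example.ipset, 7, Mon Aug 27 13:08:07 UTC 2018, 999.1.1.1
malware, Example Feed, example.ipset, 7, Mon Aug 27 13:08:07 UTC 2018
malware, Example Feed, example.ipset, 7, Tue Aug 28 00:00:00 UTC 2018, 192.0.2.10
"""


def parse_feed_line(fields):
    """Map one headerless feed row to a lookup dict; return None if unusable."""
    if len(fields) != 6:
        return None
    category, source, feed, count, updated, ip = [f.strip() for f in fields]
    try:
        # Normalise the address (rejects junk such as 999.1.1.1).
        ip = str(ipaddress.ip_address(ip))
    except ValueError:
        return None
    try:
        # Convert the feed's "Mon Aug 27 13:08:07 UTC 2018" into ISO 8601
        # so the lookup column sorts and compares cleanly in SPL.
        updated = datetime.strptime(updated, "%a %b %d %H:%M:%S UTC %Y").strftime(
            "%Y-%m-%dT%H:%M:%SZ"
        )
    except ValueError:
        pass  # keep the original text if the feed changes its date format
    return {
        "ip": ip,
        "category": category,
        "source": source,
        "feed": feed,
        "count": count,
        "updated": updated,
    }


def build_lookup(feed_text):
    """Parse the raw feed text into de-duplicated lookup rows (first hit per IP wins)."""
    rows = {}
    reader = csv.reader(io.StringIO(feed_text), skipinitialspace=True)
    for fields in reader:
        if not fields:
            continue
        row = parse_feed_line(fields)
        if row is not None:
            rows.setdefault(row["ip"], row)
    return list(rows.values())


def write_lookup_csv(rows):
    """Render the rows as a header-bearing CSV suitable for a Splunk lookup table file."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=LOOKUP_FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # Run against the daily file instead of the constructed sample:
    # with open("bambenek_daily.csv") as fh: rows = build_lookup(fh.read())
    print(write_lookup_csv(build_lookup(SAMPLE_FEED)), end="")
```

Save the output as, for example, `threat_ips.csv` (an assumed name), upload it under Settings > Lookups > Lookup table files, and the daily refresh is then just re-running the script and re-uploading. In the search from the post, the match can be done by enriching each event, `| lookup threat_ips.csv ip AS src_ip OUTPUT category AS threat_category`, and then keeping only matches with `| where isnotnull(threat_category)`; an alternative that restricts the base search instead is a subsearch such as `[| inputlookup threat_ips.csv | fields ip | rename ip AS src_ip]` placed before the first pipe. Matching on `dest_ip` works the same way with the `AS` clause changed.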