Wondering can this be done - I'm trying to use IPs (there's 50 of them) from a CSV file for a dashboard to Name ones commonly seen but I would also like to have IPs displayed not in the CSV file to be charted both the field in Splunk and the one in the CSV are called "src" .
So far I've been able to translate the IPs in the CSV, but unable to display the whole results without losing the name of the IPs from the CSV file.
What am I doing wrong here? I've tried a number of different ways but suspect its something very simple I've missed
index=fw service=22 dst=22.168.X.X | lookup ip_fw src AS src OUTPUT name_ip | stats count by name_ip
ip_fw csv file
src,name_ip
193.101.X.12,CompanyA
213.101.X.13,CompanyB
103.101.X.12,CompanyC
... View more