cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
rsh324
Engager
Member since: ‎02-10-2021
‎02-10-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎02-10-2021
View All

Can I query an entire list of results from one pan...

by in Dashboards & Visualizations
‎02-10-2021 11:59 AM
‎02-10-2021 11:59 AM
Hello Splunk Community! I am very new to Splunk, and SPL. My question is... If I have a dashboard of two panels (VulnScans, Firewall_Events) Would I be able to accomplish the following query (or anything like it) in the 'Firewall_Events' panel: index=firewall  src_ip=List_of_IPs_from_table_in_VulScans  AND  src_port=List_of_Ports_from_table_in_VulScans   what I would like to achieve is to take both the vulnerable IPs and their associated vulnernable port (IP.252 AND port23, IP.224 AND port25,......) that were output from the query in the VulScans panel, and search them in the firewall events for any traffic to/from that IP AND to/from it's port for further investigation. Would I be able to AND each row or conjoin the IP and Port somehow to be seen as one item/field (IP1 AND Port1 as Asset1? Would I be able to OR each set; search for  IP.252 AND Port23  OR  IP.224 AND Port25, ..........and so forth? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-10-2021 07:06 PM
Karma given to
View All