Hello Splunk Community! I am very new to Splunk and SPL. My question is: if I have a dashboard with two panels (VulnScans, Firewall_Events), would I be able to accomplish the following query (or anything like it) in the 'Firewall_Events' panel?

index=firewall src_ip=List_of_IPs_from_table_in_VulScans AND src_port=List_of_Ports_from_table_in_VulScans

What I would like to achieve is to take both the vulnerable IPs and their associated vulnerable ports (IP.252 AND port23, IP.224 AND port25, ...) that were output from the query in the VulnScans panel, and search for them in the firewall events for any traffic to/from that IP AND to/from its port for further investigation.

Would I be able to AND each row, or conjoin the IP and port somehow so they are seen as one item/field (IP1 AND Port1 as Asset1)? Would I be able to OR each set, i.e. search for IP.252 AND Port23 OR IP.224 AND Port25, ... and so forth?
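One way to express the row-wise pairing asked about above, as an added example that is not part of the original post: a subsearch that returns several fields per row is expanded into an AND within each row and an OR between rows. The `vulnscans` index, the `ip` and `port` field names in the scan data, and the `src_ip`, `src_port`, `dest_ip` and `dest_port` field names in the firewall data are assumptions; substitute the names your data actually uses.

```spl
index=firewall
    (
      [ search index=vulnscans
        | dedup ip, port
        | rename ip AS src_ip, port AS src_port
        | fields src_ip, src_port
        | format ]
      OR
      [ search index=vulnscans
        | dedup ip, port
        | rename ip AS dest_ip, port AS dest_port
        | fields dest_ip, dest_port
        | format ]
    )
| stats count, earliest(_time) AS first_seen, latest(_time) AS last_seen
    BY src_ip, src_port, dest_ip, dest_port
| convert ctime(first_seen) ctime(last_seen)
```

Each subsearch expands to a filter of the form `( ( src_ip="..." AND src_port="..." ) OR ( ... ) )`, so an IP only matches together with its own port, in either direction. Subsearches are subject to result-count and runtime limits, so a long scan list may be silently truncated; check the job inspector if matches look incomplete.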