Hi there,
I have a use case to query the internal and external IP addresses of a host that has the UF installed. I am using the approach below and hoping for a better solution. I appreciate your help in advance!
For external IP:
index=_internal group=tcpin_connections hostname=*
This will provide me with sourceIp (the external IP).
For Internal IP:
index=_internal sourcetype=splunkd_access phonehome | rex command to retrieve internal ip from the string
Is this the correct approach? I was hoping for a single search to retrieve both IPs.
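
One way to combine the two searches into a single one, as an added example that is not part of the original post. It assumes the phonehome request line has the layout `connection_<ip>_<mgmt port>_<fqdn>_<hostname>_<guid>`, that the tcpin_connections events carry a `guid` field, and that the forwarder GUID is the right key to merge on; the names `internal_ip`, `ph_host`, `ph_guid` and `external_ip` are made up for this example.

```spl
index=_internal ((group=tcpin_connections hostname=*) OR (sourcetype=splunkd_access phonehome))
| rex field=_raw "phonehome/connection_(?<internal_ip>\d{1,3}(?:\.\d{1,3}){3})_\d+_[^_\s]+_(?<ph_host>[^_\s]+)_(?<ph_guid>[0-9A-Fa-f-]{36})"
| eval guid=upper(coalesce(guid, ph_guid))
| eval host_name=coalesce(hostname, ph_host)
| stats latest(host_name) as hostname
        values(sourceIp) as external_ip
        values(internal_ip) as internal_ip
        dc(sourceIp) as external_ip_count
        latest(_time) as last_seen
        by guid
| where isnotnull(external_ip) OR isnotnull(internal_ip)
| convert ctime(last_seen)
| table hostname guid internal_ip external_ip external_ip_count last_seen
```

A forwarder that never phones home to a deployment server returns no `internal_ip`, and hostnames containing underscores will not match this `rex` pattern.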