×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
bobmorning
Engager
Member since: ‎03-15-2022
‎04-23-2024
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎03-15-2022
Activity Feed
View All

Elegant way of searching for all events where a fi...

by in Splunk Search
‎02-09-2024 07:34 AM
‎02-09-2024 07:34 AM
What is the most elegant way of searching for events where a field is not in a list of values?   For example: index=foo | iplocation foo_src_ip | search Country IN ("France", "United States") works great.    But what if I want all events where the IP was not from those countries (the  inverse answer), like "Canada", "Mexico". Thanks for any assistance. Bob ... View more

Excluding some event log data from being forwarded...

by in Getting Data In
‎03-17-2022 11:37 AM
‎03-17-2022 11:37 AM
We have an outside scanning agency that is constantly doing nmap like scans of our perimeter.   It is generating a log of log data on the perimeter CISCO firewalls. We know the IPs that the scanning is coming from; is there a way to tell the forwarders to NOT forward that log data from the firewalls for those IPs? For example, if any tcp/ip log data is seen from 1.2.3.4, don't forward it, but if from any other IP address, treat it normally and forward it. Thanks for any insights on this. Our Splunk SME are looking at CRIBL to do this but reading this thread makes me believe there are configuration settings that might address this?    V/R Bob M. ... View more

Re: How can I exclude data from being ingested by ...

by in Getting Data In
‎03-16-2022 05:04 AM
‎03-16-2022 05:04 AM
We have an outside scanning agency that is constantly doing nmap like scans of our external perimeter.  It is generating a log of log data on the perimeter CISCO firewalls.   We know the IPs that the scanning is coming from; is there a way to tell the forwarders to NOT forward that log data from the firewalls for those IPs? Thanks for any insights on this.  Our Splunk SME are looking at CRIBL to do this but reading this thread makes me believe there are configuration settings that might address this? V/R Bob M. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-23-2024 12:57 PM
Karma given to
View All