×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
tminicoz
Engager
Member since: ‎12-11-2022
‎12-11-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-11-2022
View All

Re: How to have a search look for a match between ...

by in Splunk Search
‎12-11-2022 08:23 PM
‎12-11-2022 08:23 PM
Thank you bowesmana for the reply! I did a bit of testing, and this is working as intended. Thank you! ... View more

How to have a search look for a match between one ...

by in Splunk Search
‎12-11-2022 07:14 PM
‎12-11-2022 07:14 PM
My objective is to make a search that compares the dest_ip field value of outbound traffic with the ip values in a lookup table of malicious IPs that results with any matches. The current search is something simple like: index=NetworkTraffic dest_zone="Internet" NOT src_zone="Internet" to view the outbound traffic. The output includes a dest_ip field.  If I have a lookup table called maliciousIPs.csv, which contains a field called "ip", how do I compare that to the dest_ip field?  Ex: If the dest_ip field value of one of the NetworkTraffic logs is 1.2.3.4 and the IP address 1.2.3.4 exists within maliciousIPs.csv, then the search would result.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-11-2022 10:35 PM