×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
timgmanCORP
Observer
Member since: ‎08-12-2024
‎08-14-2024
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-12-2024
Activity Feed
Topics I've Started
View All

inputlookup

by in Splunk Search
‎08-14-2024 12:15 PM
‎08-14-2024 12:15 PM
I have a csv with ip addresses. I would like to conduct a search for addresses that are NOT listed in that csv.  I was attempting the following but it does not render the results I was expecting. I want to search for ip addresses that are not in that list.           IE: unknown address...  Splunk Enterprise Security  index=myindex | rex "(?<ip>\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)" | sort ip | table ip NOT [inputlookup known_addresses.csv] ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-14-2024 04:09 PM