One of our users has brought forth the following question:
I would like to be able to determine if IP addresses from China are attempting to hit one or more of our servers. I have a list of IP ranges for China in CIDR notation, to the tune of 3400+ ranges. I have figured out how to make a query using the cidrmatch function, but I am afraid that a query of this nature may cause a severe negative impact on the performance of our Splunk environment.
The basics of the query that I have put together are:
host=myhost AND error_code=12345 | where (cidrmatch("cidrblk1/24", src) OR cidrmatch("cidrblk2/17", src) OR cidrmatch("cidrblk3/19", src) OR...)
Is there a better, more efficient, "SAFER" way to handle this?
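The usual way to avoid a 3400-clause where filter in Splunk is a CIDR-matching lookup: the ranges live in a CSV lookup file, transforms.conf declares the range column with match_type = CIDR(...), and the search only does a single lookup per event. This is an added example, not from the original post; the lookup name china_cidr_lookup, the file china_cidr.csv and the column names cidr_range and country are assumptions, and the CIDR blocks are the post's own placeholders.

```conf
# china_cidr.csv (lookup file, constructed sample; one row per CIDR block)
#
# cidr_range,country
# cidrblk1/24,CN
# cidrblk2/17,CN
# cidrblk3/19,CN

# transforms.conf (lookup definition; assumed names)
[china_cidr_lookup]
filename = china_cidr.csv
# Treat cidr_range as a CIDR block and match the event's IP against it,
# instead of requiring an exact string match on the field value.
match_type = CIDR(cidr_range)
# Stop at the first matching range so one event never gets multiple rows.
max_matches = 1

# Search: the same base query as the post, with the OR chain replaced by the
# lookup. Events whose src is inside no listed block get a null country.
#
# host=myhost error_code=12345
# | lookup china_cidr_lookup cidr_range AS src OUTPUT country
# | where isnotnull(country)
# | stats count BY src, host
```

The lookup definition can also be created in Settings > Lookups > Lookup definitions with the "Match type" advanced option set to CIDR(cidr_range), which writes the same transforms.conf stanza.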