Solved: Searching a port range

EricPartington · ‎03-01-2011

How can i search for matches using a port range on an extracted field?

for example:

if i want all events in port range 512-514 and i have a field extracted as dest_ip

or a larger extension, how to search using ranges of values?

ziegfried · ‎03-01-2011

You can search for ranges like this:

sourcetype=mysourcetype myfield>=512 myfield<=514

Which will give you results for events with myfield values from 512 to 514.

View solution in original post

ziegfried · ‎03-01-2011

You can search for ranges like this:

sourcetype=mysourcetype myfield>=512 myfield<=514

Which will give you results for events with myfield values from 512 to 514.

merrymana · ‎03-02-2019

Could you provide an example?

merrymana · ‎03-02-2019

I discovered another method to search for a range:
src_ip IN (10.10., 10.20., 10.30.)
or
dest_port IN (110, 111, 112, 113)
instead of
src_ip=10.10. OR src_ip=10.20.* OR src_ip=10.30.*
or
dest_port=110 OR dest_port=111 OR dest_port=112

Searching a port range

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

Searching a port range

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases