Hello, Thanks for the help again @ITWhisperer .  Unfortunately i need another result. I gott this table(with your search): Off: I gott same resoult whit this search:     splunk_server="xyserver" index=main source="/var/log/ids.log" earliest=-24h | stats count by name, dest_ip, src_ip | sort –count | eval ip_dot_decimal_split=split(src_ip,".") | eval first=mvindex(ip_dot_decimal_split,0),second=mvindex(ip_dot_decimal_split,1),third=mvindex(ip_dot_decimal_split,2),fourth=mvindex(ip_dot_decimal_split,3)| fields - ip_dot_decimal_split | eval first=first*pow(256,3),second=second*pow(256,2),third=third*256 | eval ip_address_integer=first+second+third+fourth | union [ search index=main host="xy2server" sourcetype="geo_ip_locations" earliest="08/24/2021:00:00:00" latest="08/24/2021:00:03:00" | table start_off finish_off "Alpha_2 code" Country] | fields - first,second,third,fourth     And i don't have idea, how to search the ip_address_integer values in the range  of start_off and Finish _off  and gett back the Country and A2code valoues in the first 4 line. From Two Tables, I would like to identify which country src-ip is from? ... View more

Hi, Thank you for your answer, but i think this is not the solution I need or I get it wrong. There is my two table: First: I want add it to the first table the appropriate value from the second table(Alpha2 & Country). I need to find which country is where my ip falls in his range and add it to my first table as a new columns (A2 Code and Country). Second Like this(edited picture): (the values are not corret) Thanks! AnnexQ ... View more