Hi!
Thanks for the answer. It was close to what I am looking for, but I think I didn't explain my issue well enough.
Here is an example of the lookup table (in csv) I uploaded to Splunk:
Host,Device_Type
172.20.77.100,ISAM
172.20.77.101,ISAM
172.20.77.102,MKX
172.20.77.103,MKX
And the index data is coming to a specific port (UDP: 514) of Splunk, so I can recognize the IP (Host) of each device. In the Data Summary button, Host tab, I have the indexed data coming from many hosts, which are classified in the csv file. What I am looking for is a query that begins with the following:
source="udp:514" | "command_to_filter_the_ISAM_devices_for_example"
I would like a command that allows me to show only the index data of the ISAM devices, for example, in order to make a dashboard of these devices only, or a way to do something similar. Can you help me with this?
Thanks in advance!