Hello All,
I have 2 CIDR lookup files uploaded in Splunk with all necessary configurations done. The first lookup file, internal.csv, contains data as below,
Region IP
EMEA 10.0.0.0/8
APAC 172.15.0.0/16
and so on....
While the second lookup file dc.csv contains data as below,
Region IP
Datacenter Europe 140.0.0.0/18
Datacenter US 50.0.0.0/16
and so on...
I need a search which will show me the data where the source IP is from dc.csv range and destination IP is not from dc.csv and internal.csv CIDR range.
In short, I need a search where I can monitor traffic going outside from Datacenter.
Thanks in advance
See if this answers your question
https://answers.splunk.com/answers/305211/how-to-match-an-ip-address-from-a-lookup-table-of.html
Hi, thanks for the link. This helped me in understanding how lookup works, and I was able to write a search to monitor the traffic going outside the datacenter.
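A search of the kind asked for in this thread, as an added example that is not part of the original posts. It assumes two lookup definitions, here called `dc_cidr` (on dc.csv) and `internal_cidr` (on internal.csv), each configured with `match_type = CIDR(IP)`. The index, sourcetype and the event field names `src_ip` and `dest_ip` are also assumptions to be replaced with your own.

```spl
index=network sourcetype=firewall
| lookup dc_cidr IP AS src_ip OUTPUT Region AS src_dc_region
| lookup dc_cidr IP AS dest_ip OUTPUT Region AS dest_dc_region
| lookup internal_cidr IP AS dest_ip OUTPUT Region AS dest_internal_region
| where isnotnull(src_dc_region) AND isnull(dest_dc_region) AND isnull(dest_internal_region)
| stats count earliest(_time) AS first_seen latest(_time) AS last_seen BY src_dc_region src_ip dest_ip
| convert ctime(first_seen) ctime(last_seen)
| sort - count
```

Each `lookup` leaves its output field null when the address falls in none of the file's CIDR ranges, so the `where` clause keeps only events whose source is in a datacenter range and whose destination is in neither file.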