I have a search like this:
sourcetype="access_combined" /organizations/*/profitPercentage/profitValue POST 200
I am trying to get a cumulative sum of orgs (in the log entry, * replaces the organization name).
I would like to exclude from this search (which is looking at access logs essentially) certain IP ranges. It's easy to simply append | where clientip NOT XXX.XX.XX.XX if it was just ONE IP.
In my case there are ranges, 6 of them actually. How would I go about that?
For example, I need to exclude everything between 134.26.88.20 to 134.26.88.68 (and then similarly for 5 other such ranges). How would I go about that?
I would probably use a lookup file.
http://splunk-base.splunk.com/answers/13871/creating-exclusion-list-file-for-excluding-ip-addresses
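One way to build such a lookup file, as an added example that is not part of the original posts: start-to-end ranges like the one in the question do not fall on a single CIDR boundary, so this script splits each range into the exact CIDR blocks that cover it and writes them as lookup rows. The column names `clientip` and `excluded` and the second range are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# First range is the one from the question; the second is a constructed
# placeholder (documentation address space) standing in for the other ranges.
RANGES = [
    ("134.26.88.20", "134.26.88.68"),
    ("192.0.2.10", "192.0.2.15"),
]


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def build_lookup_csv(ranges):
    """CSV text with one CIDR per row; the column names are assumptions."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["clientip", "excluded"])
    for first, last in ranges:
        for cidr in range_to_cidrs(first, last):
            writer.writerow([cidr, "true"])
    return out.getvalue()


def is_excluded(ip, csv_text):
    """Local check mirroring what a CIDR-matching lookup would decide."""
    addr = ipaddress.ip_address(ip)
    rows = csv.DictReader(io.StringIO(csv_text))
    return any(addr in ipaddress.ip_network(r["clientip"]) for r in rows)


if __name__ == "__main__":
    # Print the lookup file contents; redirect to a .csv file to save them.
    print(build_lookup_csv(RANGES), end="")
```

For the rows to match as ranges, the lookup definition in transforms.conf needs `match_type = CIDR(clientip)`; the search can then append `| lookup ip_exclusions clientip OUTPUT excluded | where isnull(excluded)`, where `ip_exclusions` is a hypothetical lookup name.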