Hi all,
Splunk Newbie here. I am trying to map IP Addresses to Groups. I have SRC_IP, DEST_IP
fields in my csv input. For instance, if I have 1.1.1.1
as source and 2.2.2.2 as destination, I wanted to add fields to my table to say
1.1.1.0/24 CIDR maps to group Printers and
2.2.2.0/24 to group PCs, for example.
I have been looking at the cidrmatch and lookup table, are these the right approaches? Any suggestions?
My input is a csv that includes source and destination IP and port numbers. Thank you in advance.
M.S.
You should use a cidr match lookup table.
https://docs.splunk.com/Documentation/Splunk/7.0.1/Knowledge/Addfieldmatchingrulestoyourlookupconfig...
Note that when using match type CIDR, your IP column, whatever you call it, must be in slash CIDR notation.
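To make the answer concrete, here is an added example (not from the original thread) of what a CIDR-match lookup looks like end to end: the lookup CSV, the lookup definition in transforms.conf, and the search that applies it to both IP fields. The lookup name `ip_groups`, the column names `cidr` and `group`, and the input file `traffic.csv` with its `DEST_PORT` field are assumptions for illustration.

```ini
# --- ip_groups.csv (constructed sample; upload it as a lookup table file) ---
# cidr,group
# 10.0.0.5/32,Servers
# 1.1.1.0/24,Printers
# 2.2.2.0/24,PCs

# --- transforms.conf (same settings are available in the UI under
#     Settings > Lookups > Lookup definitions > Advanced options) ---
[ip_groups]
filename = ip_groups.csv
# CIDR matching is applied to the "cidr" column. Every value in that column
# must be in slash notation, including single hosts (10.0.0.5/32, not 10.0.0.5).
match_type = CIDR(cidr)
# Matches are returned in file order; with max_matches = 1 the first matching
# row wins, so list more specific ranges before broader ones that contain them.
max_matches = 1
# Label IPs that fall outside every range instead of leaving the field empty.
min_matches = 1
default_match = Unknown

# --- search: CIDR matching only works through the lookup *definition*
#     (ip_groups), not by naming the raw ip_groups.csv file in the lookup command.
# | inputlookup traffic.csv
# | lookup ip_groups cidr AS SRC_IP  OUTPUT group AS src_group
# | lookup ip_groups cidr AS DEST_IP OUTPUT group AS dest_group
# | table SRC_IP src_group DEST_IP dest_group DEST_PORT
```

With the sample rows above, SRC_IP 1.1.1.1 yields src_group Printers and DEST_IP 2.2.2.2 yields dest_group PCs; an address in no listed range gets Unknown.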