Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Use a lookup file to tag IP blocks

arseniof
New Member
‎10-29-2019 02:19 PM

So what I want to do is tag all IPs that belong to certain AWS regions and filter out those IPs. I want to try and tag them the most efficient way. I thought maybe a lookup file with all of their IP blocks. Are lookup files capable of doing this? I know that you can just use
ip="52.95.245.0/24" and that would filter out all IPs in that block but they have a ton of regions which would be a really large query (almost 2000 blocks!). Any direction would be helpful. 🙂

0 Karma
Reply

rmmiller
Contributor
‎10-29-2019 03:34 PM

I just answered a similar question this morning about lookups using CIDR blocks:
https://answers.splunk.com/answers/777135/how-to-make-a-visualization-using-a-lookup-with-ip.html#an...

Since tagging is last in the order of operations, it should be possible as long as you have information about all of the subnets in use across AWS regions.

rmmiller

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...