Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

compare a previous result

jmsiegma
Path Finder
‎05-07-2013 09:51 PM

I have created a search for my VPN users, when they connect, from where they connect (SRC IP) and geoip that IP to lookup the country, city, state.

What I would like to do now is to be able to store that value, and the next time that user logs in so that I would be able to display their last IP, and Geo location information, so I can build a trend as to if that user is logging in from the same place or not.

Any way to do this?

Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎05-07-2013 10:02 PM

You could have your search results output to a csv file and then use that file as a lookup table in the future.

Here is a answer that talks about this idea, although the question is different: Lookup table populating from a saved search

Here is some info from the documentation (but you may need to read a little more about lookups, too):
Use Search Results to Populate a Lookup Table

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎05-07-2013 10:02 PM

You could have your search results output to a csv file and then use that file as a lookup table in the future.

Here is a answer that talks about this idea, although the question is different: Lookup table populating from a saved search

Here is some info from the documentation (but you may need to read a little more about lookups, too):
Use Search Results to Populate a Lookup Table

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...