I'm trying to filter out my logs for all non-campus/company IPs. I'd like to be able to do different searches for "allowed", "deny|denied", etc. to see what connections are being attempted/made.
I followed the directions here:
http://answers.splunk.com/answers/5916/using-cidr-in-a-lookup-table
and created a separate CSV file currently containing 3 subnets (e.g. 123.123.0.0/16), but am not quite able to get the results that I'm looking for. It appears to be working but is drastically filtering out many results, when a simple search for "123.123.." returns thousands more.
Using the latest version of Splunk, what is a simple way, or the best practice, for entering a handful of subnets and then returning results based on whatever other criteria I'm interested in ("allow*", "deny|denied", ports)?
I am a Splunk novice and have just installed the trial so my experience is quite limited.
Thanks
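The logic the question is after (a small list of CIDR subnets defining "ours", then filtering firewall events whose source is outside those subnets by action) is easy to sanity-check outside Splunk before trusting a lookup. The following is an added example, not code from the original post or from Splunk; the log lines, the subnets and the `action=/src=/dst=/dport=` field layout are all constructed, and the poster's real /16 is not known. It also shows why a string-prefix search is not the same thing as a CIDR match for prefixes that do not fall on an octet boundary, which is one of the first things to check when a prefix search and a CIDR lookup disagree (in Splunk, a lookup only does CIDR matching when `transforms.conf` sets `match_type = CIDR(<field>)` for that field; otherwise the lookup compares the strings literally).

```python
"""Filter constructed firewall events by action and by whether the source
IP is outside a handful of "campus" CIDR subnets.  Added example; not from
the original post and not Splunk code."""
import ipaddress
import re

# Constructed sample log lines (not real data).  TEST-NET and RFC 1918
# ranges are used so nothing here points at a real host.
SAMPLE_LOGS = [
    "2014-03-01T10:00:01 action=allowed src=123.123.4.7 dst=8.8.8.8 dport=53",
    "2014-03-01T10:00:02 action=denied src=198.51.100.9 dst=123.123.10.5 dport=22",
    "2014-03-01T10:00:03 action=allowed src=10.1.255.40 dst=123.123.1.1 dport=443",
    "2014-03-01T10:00:04 action=allow src=10.1.3.20 dst=203.0.113.77 dport=80",
    "2014-03-01T10:00:05 action=deny src=192.0.2.15 dst=123.123.9.9 dport=3389",
]

# Constructed "campus" subnets, standing in for the poster's CSV lookup.
# 10.1.0.0/20 is deliberately not octet-aligned (it covers 10.1.0.0-10.1.15.255).
CAMPUS_SUBNETS = ["123.123.0.0/16", "10.1.0.0/20", "192.0.2.0/24"]

LINE_RE = re.compile(
    r"action=(?P<action>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Extract action/src/dst/dport from one constructed log line, or None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def build_networks(cidrs):
    """Parse CIDR strings once; strict=False tolerates host bits set."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_internal(ip, networks):
    """True if ip falls inside any campus network.  Unparseable values are
    treated as external so they are not silently dropped from review."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def naive_prefix_match(ip, cidrs):
    """What a string search like "10.1.*" effectively does: compare only the
    whole leading octets of each subnet.  Correct for /8, /16, /24, but
    over-matches for /20 and similar."""
    for cidr in cidrs:
        net, _, bits = cidr.partition("/")
        whole_octets = int(bits) // 8
        prefix = ".".join(net.split(".")[:whole_octets]) + "."
        if ip.startswith(prefix):
            return True
    return False


def filter_events(lines, cidrs, action_pattern):
    """Return parsed events whose source is NOT a campus address and whose
    action matches the regex (e.g. r"deny|denied" or r"allow")."""
    networks = build_networks(cidrs)
    action_re = re.compile(action_pattern, re.IGNORECASE)
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if is_internal(ev["src"], networks):
            continue
        if action_re.search(ev["action"]):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for pat in (r"deny|denied", r"allow"):
        print(pat, [e["src"] for e in filter_events(SAMPLE_LOGS, CAMPUS_SUBNETS, pat)])
    # 10.1.255.40 is outside 10.1.0.0/20 but a "10.1." prefix search claims it.
    print("prefix:", naive_prefix_match("10.1.255.40", CAMPUS_SUBNETS),
          "cidr:", is_internal("10.1.255.40", build_networks(CAMPUS_SUBNETS)))
```

For octet-aligned subnets such as the poster's /16, a prefix search and a CIDR match select exactly the same addresses, so a large gap between the two result counts in Splunk usually means the lookup is not being applied as CIDR at all (or the IP field being looked up is not the one the prefix search hit), rather than a difference in the subnet semantics.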