Hi:
I am trying to do a looping search using lookup tables and the map command, however I cannot get the correct result. If possible, please help me get the correct search command.
These are my logs:
md5=7e8b33fdaf6ff8a8e228883019bf7049 filetype="PE32 executable (GUI) Intel 80386, for MS Windows" dnsinfo_hostname=etsiunjour.fr dnsinfo_ip=176.31.255.41
First, I would like to get the value of the dnsinfo_hostname field. Then I do a lookup against the following csv file:
dnsinfo_hostname, resolved_IP
etsiunjour.fr, 90.156.201.31
etsiunjour.fr, 90.156.201.71
etsiunjour.fr, 90.156.201.94
etsiunjour.fr, 90.156.201.113
aaa.com, 90.156.201.94
bbb.com, 90.156.201.71
ccc.com, 90.156.201.94
When I do the search I get dnsinfo_hostname=etsiunjour.fr with its resolved_IP=[90.156.201.31, 90.156.201.71, 90.156.201.94, 90.156.201.113]. For each resolved_IP, do a lookup in the csv file again to get:
90.156.201.94 ->[aaa.com, ccc.com]
90.156.201.71 ->[bbb.com]
Finally, I would like to show:
hostname=etsiunjour.fr, resolved_IP=[90.156.201.31, 90.156.201.71, 90.156.201.94(aaa.com, ccc.com), 90.156.201.113]
Is it possible that Splunk can help me do this? Or do I have to do it using external python code?
Thanks!
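The external-Python route the post mentions, as an added example that is not part of the original post: it parses the dnsinfo_hostname field out of the log line, builds forward (hostname to IPs) and reverse (IP to hostnames) maps from the CSV in one pass, pivots through every resolved IP to find co-hosted names, and renders the line in the requested shape. The CSV text and log line are constructed copies of the ones in the post; the function names are mine. It generalizes slightly: every IP that has other hostnames is annotated, so 90.156.201.71 also gets (bbb.com).

```python
import csv
import io
import re
from collections import defaultdict

# Constructed lookup table, same shape as the CSV in the post.
LOOKUP_CSV = """dnsinfo_hostname, resolved_IP
etsiunjour.fr, 90.156.201.31
etsiunjour.fr, 90.156.201.71
etsiunjour.fr, 90.156.201.94
etsiunjour.fr, 90.156.201.113
aaa.com, 90.156.201.94
bbb.com, 90.156.201.71
ccc.com, 90.156.201.94
"""

# Constructed log line, same shape as the one in the post.
LOG_LINE = ('md5=7e8b33fdaf6ff8a8e228883019bf7049 filetype="PE32 executable (GUI) '
            'Intel 80386, for MS Windows" dnsinfo_hostname=etsiunjour.fr dnsinfo_ip=176.31.255.41')


def extract_field(line, name):
    """Pull an unquoted key=value field (e.g. dnsinfo_hostname) out of a log line."""
    match = re.search(rf'\b{re.escape(name)}=(\S+)', line)
    return match.group(1) if match else None


def parse_lookup(text):
    """One pass over the CSV yields both lookup directions; order of rows is kept."""
    host_to_ips, ip_to_hosts = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(text), skipinitialspace=True):
        host, ip = row["dnsinfo_hostname"].strip(), row["resolved_IP"].strip()
        if ip not in host_to_ips[host]:   # ignore duplicate host/IP rows
            host_to_ips[host].append(ip)
            ip_to_hosts[ip].append(host)
    return host_to_ips, ip_to_hosts


def pivot(hostname, host_to_ips, ip_to_hosts):
    """For each IP the hostname resolved to, list the other hostnames on that IP."""
    return [(ip, [h for h in ip_to_hosts[ip] if h != hostname])
            for ip in host_to_ips.get(hostname, [])]


def render(hostname, pivots):
    """Format as hostname=..., resolved_IP=[ip, ip(cohost, cohost), ...]."""
    parts = [f"{ip}({', '.join(others)})" if others else ip for ip, others in pivots]
    return f"hostname={hostname}, resolved_IP=[{', '.join(parts)}]"


def enrich(line, lookup_text):
    """End-to-end: log line + CSV text -> rendered enrichment line."""
    hostname = extract_field(line, "dnsinfo_hostname")
    host_to_ips, ip_to_hosts = parse_lookup(lookup_text)
    return render(hostname, pivot(hostname, host_to_ips, ip_to_hosts))
```

Because the reverse map is built once, the second-stage lookups are dictionary hits rather than a rescan of the file per IP, which is what the nested map search in Splunk would otherwise do.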