I'm a newbie with Splunk and I would like to compare the IP list that I get with the search below:
index=com-mng-puppet host="puppetmaster*" clientip!="::1" | dedup clientip | stats count by clientip
between different weeks, because I would like to know the new IPs or the IPs that weren't recorded in the logs. As I have seen, there are different ways.
Exporting to CSV and using set diff; however, I don't know how I can do it. I know how to export to CSV, but how would I compare?
Using count and stats by IP; I'm not sure that's right:
index=com-mng-puppet host="servername*" clientip!="::1" | dedup clientip | stats count by clientip [ search earliest=-14d@d latest=-7d@d source=com-mng-puppet | stats count by clientip | fields clientip ] | stats dc(clientip) as "New IP's this week"
What do you recommend, and can you please give any suggestions?
Thanks in advance
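One way to do the week-over-week comparison in a single search, without a CSV export or a subsearch. This is an added example, not part of the original post; it reuses the index, host pattern and clientip field from the first search above, and the labels this_week, last_week, weeks_seen and status are names chosen here for illustration.

```spl
index=com-mng-puppet host="puppetmaster*" clientip!="::1" earliest=-14d@d latest=@d
| eval week=if(_time >= relative_time(now(), "-7d@d"), "this_week", "last_week")
| stats count AS events, dc(week) AS weeks_seen, values(week) AS week BY clientip
| where weeks_seen=1
| eval status=if(week="this_week", "new this week", "not seen this week")
| table clientip status events
| sort status clientip
```

Each event is tagged with the week it falls in, and an address that appears in only one of the two weeks (weeks_seen=1) is either new or has stopped showing up; appending `| stats count BY status` gives the two totals instead of the address list.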