Hi there, what's the best way to append a search with a lookup with IP subnet ranges and some extra information for those IPs?

iprange.csv:

clientip, zone, areacode
127.0.0.1/24, home, 255

I've added the transforms.conf in the app:

[iprange]
filename = iprange.csv
default_match = OK
match_type = CIDR(clientip)

and the search:

sourcetype=firewall area=* | lookup iprange.csv clientip as src OUTPUT clientip zone area |table src, zone, area

Yet it doesn't seem to work so far. Any suggestions?