Solved

Searching for data from a particular IP range using Splunk

Posted on 2014-10-21
1
1,800 Views
Last Modified: 2014-11-02
I use Splunk 6 (free) for some basic keyword searching.  Generally I just add a specific IP address and a keyword, and I get a hit if it has been indexed.  My IP ranges are usually Class C, and I just used something like 10.10.10.* when wanting to search for that particular keyword in the subnet.

Recently I needed to do searches found in much larger IP ranges.  For example 101.2.176.0 to 101.2.191.255.
How would I define that range with Splunk?  I have looked at some articles, and there they used 101.2.176.0/20 format, but for the life of me I am unable to get it to work in my Splunk searches.

So, if my keyword was "error", and my range was 101.2.176.0 to 101.2.191.255, how would I add that to a Splunk search?
0
Comment
Question by:hbcit
1 Comment
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
Probably tab on the answers.splunk forum for such queries, I input the "ip range" to search in the forum as below.
http://answers.splunk.com/search.html?f=&redirect=search%2Fsearch&sort=relevance&q=ip+range&type=question

Some may be useful below.

Search for multiple IP ranges - using where and cidrmatch or octet range rule
http://answers.splunk.com/answers/13251/search-for-multiple-ip-ranges.html

Using CIDR in a lookup table - Create a CSV lookup table with your subnets
http://answers.splunk.com/answers/5916/using-cidr-in-a-lookup-table.html

Conditional search for multiple IP ranges e.g. IP regex such as regex clientaddress="10\.([1-9]|[1-9][0-9]|1[0-9][0-9]|200)\.([8-9][0-9]|1[0-9][0-9])\.(2(3[1-9]|4[0-9]|5[0-4]))"
http://answers.splunk.com/answers/13251/search-for-multiple-ip-ranges.html
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now