Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2929
  • Last Modified:

Searching for data from a particular IP range using Splunk

I use Splunk 6 (free) for some basic keyword searching.  Generally I just add a specific IP address and a keyword, and I get a hit if it has been indexed.  My IP ranges are usually Class C, and I just used something like 10.10.10.* when wanting to search for that particular keyword in the subnet.

Recently I needed to do searches found in much larger IP ranges.  For example 101.2.176.0 to 101.2.191.255.
How would I define that range with Splunk?  I have looked at some articles, and there they used 101.2.176.0/20 format, but for the life of me I am unable to get it to work in my Splunk searches.

So, if my keyword was "error", and my range was 101.2.176.0 to 101.2.191.255, how would I add that to a Splunk search?
0
hbcit
Asked:
hbcit
1 Solution
 
btanExec ConsultantCommented:
Probably tab on the answers.splunk forum for such queries, I input the "ip range" to search in the forum as below.
http://answers.splunk.com/search.html?f=&redirect=search%2Fsearch&sort=relevance&q=ip+range&type=question

Some may be useful below.

Search for multiple IP ranges - using where and cidrmatch or octet range rule
http://answers.splunk.com/answers/13251/search-for-multiple-ip-ranges.html

Using CIDR in a lookup table - Create a CSV lookup table with your subnets
http://answers.splunk.com/answers/5916/using-cidr-in-a-lookup-table.html

Conditional search for multiple IP ranges e.g. IP regex such as regex clientaddress="10\.([1-9]|[1-9][0-9]|1[0-9][0-9]|200)\.([8-9][0-9]|1[0-9][0-9])\.(2(3[1-9]|4[0-9]|5[0-4]))"
http://answers.splunk.com/answers/13251/search-for-multiple-ip-ranges.html
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now