HBIT
Searching for data from a particular IP range using Splunk
I use Splunk 6 (free) for some basic keyword searching. Generally I just add a specific IP address and a keyword, and I get a hit if it has been indexed. My IP ranges are usually Class C, and I just used something like 10.10.10.* when wanting to search for that particular keyword in the subnet.
Recently I needed to do searches found in much larger IP ranges. For example 101.2.176.0 to 101.2.191.255.
How would I define that range with Splunk? I have looked at some articles, and there they used 101.2.176.0/20 format, but for the life of me I am unable to get it to work in my Splunk searches.
So, if my keyword was "error", and my range was 101.2.176.0 to 101.2.191.255, how would I add that to a Splunk search?
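An added example (not from the original post or from the answer on this page): this Python helper converts any first/last IPv4 pair into the CIDR blocks that cover it exactly, builds a Splunk search around `cidrmatch`, and replays the same logic over constructed sample events. It goes beyond the single /20 in the question to ranges that need several blocks. It assumes the address is not yet an extracted field, so `rex` pulls the first IPv4 out of `_raw` into a hypothetical field named `ip`.

```python
import ipaddress
import re

# Same pattern the generated rex uses: first dotted quad in the event text.
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def build_spl(keyword, first, last, field="ip"):
    """Splunk search string; `field` is a hypothetical name that rex creates."""
    tests = " OR ".join(f'cidrmatch("{net}", {field})'
                        for net in range_to_cidrs(first, last))
    rex = f'rex field=_raw "(?<{field}>\\d{{1,3}}(?:\\.\\d{{1,3}}){{3}})"'
    return f'"{keyword}" | {rex} | where {tests}'

def matches(event, keyword, first, last):
    """Offline approximation of the search (substring keyword, first IPv4)."""
    if keyword.lower() not in event.lower():
        return False
    m = IP_RE.search(event)
    if not m:
        return False
    try:
        ip = ipaddress.IPv4Address(m.group(0))
    except ValueError:  # octet above 255, e.g. 999.1.1.1
        return False
    return any(ip in net for net in range_to_cidrs(first, last))

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    "2014-03-01 10:00:01 101.2.176.0 ERROR disk full",    # first address in range
    "2014-03-01 10:00:02 101.2.191.255 error timeout",    # last address in range
    "2014-03-01 10:00:03 101.2.192.0 error timeout",      # one past the range
    "2014-03-01 10:00:04 101.2.180.7 login ok",           # in range, no keyword
]

if __name__ == "__main__":
    print(build_spl("error", "101.2.176.0", "101.2.191.255"))
    for ev in SAMPLE_EVENTS:
        print(matches(ev, "error", "101.2.176.0", "101.2.191.255"), ev)
```

If the source address is already an extracted field in your data, drop the `rex` stage and pass that field name to `cidrmatch` instead.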