Go to Qiita Advent Calendar 2024 Top
LoginSignup
1
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

@Ruo_Ando(類央 安藤)

Splunk CIDRMATCHをするルックアップテーブルの登録

Last updated at Posted at 2021-02-07

略式ですが。。。

SplunkのGUIで、settings -> Licensingを選択

CSVファイルをアップロードする

下記を入力
Destination filename: My_CSV_File


/splunk/etc/apps/search/default# more transforms.conf 
[geo_us_states]
external_type = geo
filename = geo_us_states.kmz

[geo_countries]
external_type = geo
filename = geo_countries.kmz

[geo_attr_us_states]
filename = geo_attr_us_states.csv

[geo_attr_countries]
filename = geo_attr_countries.csv

[ip_address_lookup]
filename = My_CSV
match_type = CIDR(CIDR)
max_matches = 1

このようにして使う。CIDRMATCHは、lookupの定義ファイルでなく、transforms.confを修正するのがポイント。

lookup ip_address_lookup CIDR as source_ip

1
1
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
1
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?