Hi splunk guru's.
I'm trying to find a way (using SPL only - i am not an admin) to do the following:
My vulnerability data feed has IP address of the vulnerable machine with description of the specific vulnerability.
I also have a lookup table with site information based on CIRD - like that one:
Site: IP Range:
TexasOffice 10.12.1.0/24
What I want is to be able to pull the Site name near the IP.
So If my SPL query gives me the following:
IP, Vulnerability Description, Vulnerability name.
I would like to be able to add the Site name at the end of if without changing transforms.conf since I have no admin rights to splunk.
↧