I am looking for a way to perform a search and produce results matching search results against a lookup table or vice versa. The scenario is a lookup table with two columns, IP & Description. I wish to run a search and produce results on the IP addresses that match the IP addresses in the lookup table. My syntax is not correct on what I have been able to test; see below for the SPL I was using. I know there must be a straightforward way to accomplish this task. Any support is much appreciated.
Thank you,
Tom
index="network" sourcetype="cisco:asa" | join src_ip [ search inputlookup append=t FLASHAB000089 | rename IPAddr as src_ip]