Hi Community,
Suppose I get a list of IPs once a week and I want to search all the indexes for these IPs. Is it possible to take a list of IPs, paste them into a field on a dashboard, click Submit to search all of the indexes (or maybe one or two from a dropdown) for any events? This includes Splunk automatically adding ORs between each IP.
Ideally, I want to copy and paste into a field, click submit and run the following query:
search index=* ( 10.0.0.1 OR 10.0.0.2 OR 10.0.0.3 )
Those results would be populated into a statistics table. Is there a more efficient way or is this even possible?
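Added example, not part of the original post: a Python sketch of the paste-to-query step described above, which validates every pasted token as an IPv4 address before joining the values with OR, so the text box can only ever contribute IP terms to the search. The function name, the index-name allow-list and the sample input are assumptions made for illustration.

```python
import ipaddress
import re

# Conservative allow-list for index names (an assumption, not Splunk's own rule).
INDEX_RE = re.compile(r"^[A-Za-z0-9_*-]+$")

# Constructed sample of what might be pasted: mixed separators, a duplicate,
# a stray word and an out-of-range address.
SAMPLE = "10.0.0.1\n10.0.0.2, 10.0.0.3\n10.0.0.1 foo 10.0.0.999"


def build_ip_search(pasted, indexes=("*",)):
    """Return (query, rejected_tokens) for a pasted list of IPv4 addresses."""
    tokens = [t for t in re.split(r"[\s,;]+", pasted) if t]
    ips, rejected, seen = [], [], set()
    for tok in tokens:
        try:
            ip = str(ipaddress.IPv4Address(tok))
        except ValueError:
            # Anything that is not an IPv4 literal never reaches the query.
            rejected.append(tok)
            continue
        if ip not in seen:  # drop duplicates, keep first-seen order
            seen.add(ip)
            ips.append(ip)
    if not ips:
        raise ValueError("no valid IPv4 addresses in input")

    for name in indexes:
        if not INDEX_RE.match(name):
            raise ValueError(f"unexpected index name: {name!r}")
    if len(indexes) == 1:
        index_clause = f"index={indexes[0]}"
    else:
        index_clause = "( " + " OR ".join(f"index={n}" for n in indexes) + " )"

    return f"search {index_clause} ( {' OR '.join(ips)} )", rejected


if __name__ == "__main__":
    query, rejected = build_ip_search(SAMPLE)
    print(query)
    print("rejected:", rejected)
```
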