We are searching new environments monthly; this means we are blind going in. I can get Splunk to stat out a total list of IPs, but I'm not sure how to get it to find all the VLANs. Here is an example search.
sourcetype="bro_conn" src_ip=192.168.0.0/16 OR src_ip=172.16.0.0/12 OR src_ip=10.0.0.0/8 | stats count by src_ip | table src_ip
It gives me a list of private IP addresses in the Bro Conn log. I would like to see all the VLANs that these IPs reside on.
For example, let's say my search returned:
192.168.0.123
192.168.10.30
192.168.20.32
10.1.0.100
10.10.2.45
I would like to know that there are 5 total subnets, and maybe even list them out as:
192.168.0
192.168.10
192.168.20
10.1.0
10.10.2
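
One way to get the output described above, as an added example that is not part of the original post: it assumes every subnet is a /24, as the desired list implies, and the field names `subnet`, `hosts`, `connections` and `total_subnets` are chosen here for illustration.

```spl
sourcetype="bro_conn" (src_ip=192.168.0.0/16 OR src_ip=172.16.0.0/12 OR src_ip=10.0.0.0/8)
| rex field=src_ip "^(?<subnet>\d+\.\d+\.\d+)\.\d+$"
| stats dc(src_ip) AS hosts count AS connections BY subnet
| eventstats count AS total_subnets
| sort 0 subnet
| table subnet hosts connections total_subnets
```

Grouping by the first three octets only approximates VLANs: a network carved with a different mask (a /23 or /26, for instance) will appear split or merged, so the list is a starting inventory to confirm against switch or router configuration.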