I am new to Splunk, sorry.
I need to separate a lot of subnets by name. I would like to read a (txt) file like this:
10.0.1.0/16 NAME1
10.5.0.0/24 NAME2
...
I am using this search now: | eval org=case(cidrmatch("10.118.68.0/23",src),"NAME1", cidrmatch("10.118.103.0/26",src_ip),"NAME2") | stats by org
The problem is that I have a lot of subnets and I need to simplify the query, and I wonder if there is any way to read a file in the eval function, using awk or something like that?
Thanks in advance.
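Added example, not part of the original post: a Python sketch that turns a "CIDR NAME" text file like the one above into a CSV with hypothetical columns subnet and org, normalising entries such as 10.0.1.0/16 whose host bits are set and rejecting malformed lines. It assumes the CSV is then referenced from a Splunk lookup definition with match_type = CIDR(subnet) in place of the long case() expression; all function and column names are illustrative.

```python
import csv
import io
import ipaddress

# Constructed sample in the "CIDR NAME" layout from the question.
SAMPLE = """\
10.0.1.0/16 NAME1
10.5.0.0/24 NAME2
# comment lines and blanks are skipped

not-a-subnet NAME3
"""

def parse_subnets(text):
    """Return ([(network, name)], [(lineno, rejected line)]) from 'CIDR NAME' text."""
    rows, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        try:
            # strict=False masks host bits: 10.0.1.0/16 becomes 10.0.0.0/16
            net = ipaddress.ip_network(parts[0], strict=False)
            name = parts[1].strip()
        except (ValueError, IndexError):
            rejected.append((lineno, line))  # bad CIDR or missing name
            continue
        rows.append((net, name))
    return rows, rejected

def to_lookup_csv(rows):
    """Render rows as CSV with header subnet,org (assumed lookup field names)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["subnet", "org"])
    for net, name in rows:
        writer.writerow([str(net), name])
    return out.getvalue()

def classify(ip, rows):
    """Local sanity check: name of the most specific subnet containing ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for net, name in rows if addr in net]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    parsed, bad = parse_subnets(SAMPLE)
    print(to_lookup_csv(parsed), bad, classify("10.5.0.9", parsed))
```

With such a lookup definition in place (name hypothetical), the search side becomes `| lookup subnet_names subnet AS src OUTPUT org` followed by the stats clause.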