I've been reading this link here http://docs.splunk.com/Documentation/PCI/2.1.1/Install/Configureinterestingports and I need more information on how I can create a search using a network datamodel. I want to be able to create a search that uses this lookup table to show all the drops or blocks from certain IPs. I know that I can edit the lookup table that Splunk has to add what I need, but I need more information than this link provides. Any help would be great. Thanks.