Splunk search with regex
8/12/2023

In the above query, “IP” is an existing field in the “ip” index, and the sourcetype is “iplog”. With the “regex” command we keep only the IP addresses in the “IP” field that are not class A private addresses (10.0.0.0 to 10.255.255.255). The “!” sign tells the command to keep the values that do not match the specified regular expression. Then, with the “table” command, we select the “IP” field, and with the “dedup” command we remove the duplicate values.
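The regex, table and dedup steps described above can be replayed outside Splunk to check what a pattern really excludes. This is an added example, not the query from the post: the sample addresses, both patterns and the function name are assumptions, and it relies on Splunk's regex command matching anywhere in the value unless the pattern is anchored.

```python
import re

# Constructed sample values standing in for the "IP" field of the events.
SAMPLE_IPS = [
    "10.1.2.3", "192.168.10.5", "110.10.0.1", "10.255.255.255",
    "8.8.8.8", "192.168.10.5", "172.16.10.20", "8.8.8.8",
]

# Assumed naive pattern: unanchored, so "10." can match in any octet.
LOOSE = re.compile(r"10\.")

# Anchored to the first octet, with the remaining three octets limited to 0-255.
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
STRICT = re.compile(rf"^10(?:\.{OCTET}){{3}}$")


def non_class_a_private(ips, pattern):
    """Emulate the pipeline: regex IP!=<pattern> | table IP | dedup IP."""
    seen, out = set(), []
    for ip in ips:
        # "!=" keeps only the values that do NOT match; search() is
        # unanchored, like the regex command.
        if pattern.search(ip):
            continue
        # dedup keeps the first occurrence of each value, in order.
        if ip not in seen:
            seen.add(ip)
            out.append(ip)
    return out


if __name__ == "__main__":
    # The loose pattern also drops 192.168.10.5, 110.10.0.1 and 172.16.10.20.
    print("loose :", non_class_a_private(SAMPLE_IPS, LOOSE))
    print("strict:", non_class_a_private(SAMPLE_IPS, STRICT))
```

An unanchored pattern silently removes addresses outside 10.0.0.0 to 10.255.255.255 from the results, which matters when the search feeds a detection or an investigation.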