Hello All,
This is what I want to achieve. I have DHCP logs getting indexed to Splunk. Our virus scanners periodically alert us of workstation IP addresses which have virus infections. I want to find out associated machine names with these IP addresses. I can have an input CSV file consumed by Splunk. Now I want to run a Splunk search to identify workstation names that had those IP addresses over a given period of time and display them in a table.
E.g. input.csv: 192.168.122.14 192.168.123.46
The idea is to not search for each IP address manually to find out the associated workstation name, which can be time consuming. How can I achieve this?
I am hoping one of you can help me out here. Thank you
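
One way to run the lookup described in the question, as an added example that is not part of the original post. It assumes `input.csv` has been uploaded as a lookup table file with a header row named `ip`, that the DHCP events live in an index called `dhcp`, and that the lease events carry the fields `dest_ip` and `dest_nt_host`; all of these names are assumptions and need to be changed to match the actual data.

```spl
index=dhcp earliest=-7d@d latest=now
    [ | inputlookup input.csv
      | fields ip
      | rename ip AS dest_ip
      | format ]
| stats earliest(_time) AS first_seen latest(_time) AS last_seen BY dest_ip, dest_nt_host
| convert ctime(first_seen) ctime(last_seen)
| table dest_ip dest_nt_host first_seen last_seen
```

Because DHCP addresses are reassigned, one IP can return several hostnames; the `first_seen` and `last_seen` columns show which workstation held the address at the time of the virus alert.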