Searching ARIN for a given IP address

IP addresses, on their own, can only give a tiny glimpse into their association, where they are from, or what they are for. You might be able to determine if an IP is from a private range, what asset it belongs to, or if it is from a well-known server, but in many cases, you might not know much about the IPs in question.

In this recipe, you will learn how to leverage Splunk's workflow functionality to search an IP address in your events against the ARIN (American Registry for Internet Numbers) database to look up more useful information about the IP in question, such as who the IP address is assigned to.

Getting ready

To step through this recipe, you will need a running Splunk Enterprise server, with the sample ...

Get Splunk Operational Intelligence Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk Operational Intelligence Cookbook by Josh Diakun, Paul R Johnson, Derek Mock

Searching ARIN for a given IP address

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly