SBN

Cleaning up Splunks .CSV export

Exported a bunch of IPs from Splunk that met a certain criteria.. best it could do was .csv, which gave me this… I needed the count too, temporarily…

10.61.2.66″,1

10.61.3.253″,1

10.61.6.74″,1

10.61.9.102″,1

10.61.9.141″,1

10.62.11.161″,1

….
Fortunately Linux has the built in tools to take this output and easily give me a list of IPs, one per line with no duplicates that I can then script to get the hostname..

eowyn02:~ jeffsoh$ awk ‘NR%2==1’ mad_clients.csv | cut -d ‘“’ -f1 | sort -u

10.16.110.121
10.165.64.189
10.165.70.155
10.17.100.7
10.184.192.251
10.184.192.252
10.184.193.112
10.184.193.166
10.184.193.171
10.184.193.172
10.184.193.219
10.184.193.37
10.184.193.43
10.184.194.17
10.184.21.18
10.184.21.90
10.184.22.188
10.184.22.229

The awk command shows every second line, so the line with the IP address and not the line with a double quote only.
The cut command sets the double quote character as the delimiter and shows the first field, so what is before the double quote, the IP address.
And then we sort and remove dups with the -u, the unique parameter to sort..

*** This is a Security Bloggers Network syndicated blog from JeffSoh on NetSec authored by JeffSoh. Read the original post at: https://jeffsoh.blogspot.com/2020/03/cleaning-up-splunks-csv-export.html