https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140565#M28818 <P>Check this app I created. </P> <P>on Bitbucket: <A href="https://bitbucket.org/intalock/incidr/src/master/">https://bitbucket.org/intalock/incidr/src/master/</A><BR /> on Github : <A href="https://github.com/morethanyell/incidr">https://github.com/morethanyell/incidr</A></P> <P>This is an app I created that accepts multiple cidr blocks</P> Wed, 30 Oct 2019 04:03:45 GMT morethanyell 2019-10-30T04:03:45Z https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140561#M28814 <P>Hi Splunk Answers,</P> <P>I want to exclude IP addresses from certain networks in search results. The range is 10.52.0.0/24 - 10.52.40.0/24.</P> <P>If I want to exclude using one range I would use</P> <PRE><CODE>| where NOT cidrmatch("10.52.0.0/24") </CODE></PRE> <P>How would I exclude multiple ranges?</P> Tue, 02 Jun 2015 23:06:20 GMT https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140561#M28814 shiftey 2015-06-02T23:06:20Z https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140562#M28815 <P>Here you go:</P> <PRE><CODE> ... |where (NOT cidrmatch("10.52.0.0/24",ipfield) AND NOT cidrmatch("10.52.40.0/24",ipfield))|table ipfield </CODE></PRE> <P>Thanks</P> Wed, 03 Jun 2015 12:56:36 GMT https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140562#M28815 stephanefotso 2015-06-03T12:56:36Z https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140563#M28816 <P>What if I wanted to use a lookup table for this? I have a lookup table of just a list of CIDR blocks and I want to exclude them when searching.</P> Fri, 02 Nov 2018 18:10:50 GMT https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140563#M28816 ptate 2018-11-02T18:10:50Z https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140564#M28817 <P>1) Create a lookup table of cidr blocks<BR /> 2) Create a lookup definition with the CIDR advanced option for matching<BR /> 3) Use the lookup command and NOT out_field=*</P> <PRE><CODE>index=... | lookup my_def in_field OUTPUT out_field | search NOT out_field=* </CODE></PRE> Thu, 18 Apr 2019 18:10:54 GMT https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140564#M28817 landen99 2019-04-18T18:10:54Z https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140565#M28818 <P>Check this app I created. </P> <P>on Bitbucket: <A href="https://bitbucket.org/intalock/incidr/src/master/">https://bitbucket.org/intalock/incidr/src/master/</A><BR /> on Github : <A href="https://github.com/morethanyell/incidr">https://github.com/morethanyell/incidr</A></P> <P>This is an app I created that accepts multiple cidr blocks</P> Wed, 30 Oct 2019 04:03:45 GMT https://community.splunk.com/t5/Getting-Data-In/Exclude-CIDR-range-from-search-results/m-p/140565#M28818 morethanyell 2019-10-30T04:03:45Z