https://community.splunk.com/t5/Splunk-Search/IP-Address/m-p/287473#M87026 <P>Just a note -- you can also run CIDR matches in the base search. E.g., <CODE>index=sources_Ip sources_ip=10.1.4.0/24 OR sources_ip=10.1.5.0/24</CODE>. </P> Fri, 23 Oct 2015 15:20:15 GMT David 2015-10-23T15:20:15Z https://community.splunk.com/t5/Splunk-Search/IP-Address/m-p/287471#M87024 <P>Hi,</P> <P>I want to find the IP address : 10.1.4.0 <STRONG>to</STRONG> 10.1.41.128 on Splunk Search.<BR /> Is there an efficient query than OR ? (index=sources_Ip (sources_ip="10.1.4.0" OR sources_ip="10.1.4.1" OR sources_ip="1.1.4.2" OR ...) )</P> <P>Thanks</P> <P>S.V</P> Tue, 29 Sep 2020 07:39:51 GMT https://community.splunk.com/t5/Splunk-Search/IP-Address/m-p/287471#M87024 rahmania 2020-09-29T07:39:51Z https://community.splunk.com/t5/Splunk-Search/IP-Address/m-p/287472#M87025 <P>You could use wildcards to simplify the query.</P> <PRE><CODE>index=sources_Ip sources_ip="10.1.*" </CODE></PRE> <P>Or perhaps you can use CIDRs.</P> <PRE><CODE>index=sources_Ip | where (cidrmatch("10.1.4.0/24", sources_ip) OR cidrmatch("10.1.5.0/24", sources_ip) ...) | ... </CODE></PRE> Fri, 23 Oct 2015 12:19:12 GMT https://community.splunk.com/t5/Splunk-Search/IP-Address/m-p/287472#M87025 richgalloway 2015-10-23T12:19:12Z https://community.splunk.com/t5/Splunk-Search/IP-Address/m-p/287473#M87026 <P>Just a note -- you can also run CIDR matches in the base search. E.g., <CODE>index=sources_Ip sources_ip=10.1.4.0/24 OR sources_ip=10.1.5.0/24</CODE>. </P> Fri, 23 Oct 2015 15:20:15 GMT https://community.splunk.com/t5/Splunk-Search/IP-Address/m-p/287473#M87026 David 2015-10-23T15:20:15Z