Dashboards & Visualizations

How to use eval command to perform a CIDR matching inputlookup?

Motivator

I am trying to use a text box for an input, so I can input an IP address, and then perform a CIDR lookup with a lookup table that I currently have.

I’ve tried to use an eval command for CIDR matching, however it seems that the eval version of CIDR matching requires that the input be a single IP, and that I type in the prefix manually, which I have far too many of in the lookup table.

What I mean is this.

If I have the address: 192.104.169.139
I know that this is in this subnet range:

ext_ip,description
192.104.169.128/25,vendor_name

I need to be able to punch in the 192.104.169.139 into a text field, and then have it lookup the range, and return the ‘description’ field in a table within a dashboard.

Is there a way to use the eval command for this? I am attaching the XML I am using below:

 <form>
  <label>test input field</label>
  <description/>
  <fieldset submitButton="false">
    <input type="text" token="code" searchWhenChanged="true">
      <label>Input vendor code</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <searchString>| inputlookup vendor_lookup.csv | search code=$code$ | table description</searchString>
      </table>
    </panel>
  </row>

</form>
0 Karma

Explorer

You can try the following search (works with KV Store lookup where match_type=CIDR(ip) is specified in transforms.conf):

| makeresults
| eval query_ip="192.104.169.139"
| lookup lookup_table_name ip AS query_ip OUTPUT ip description
| fields - _time
| transpose

0 Karma

Champion
0 Karma