I'm new to creating custom search commands, and haven't been able to understand the examples in the SDK repo on GitHub. If someone can point me to or provide a step-by-step guide to achieve the below, that'd be really appreciated.
Problem: I need to filter my results to only include events where a field (cidr) is a subnet of a range entered on a dashboard ($search_cidr$).
As the builtin cidrmatch(CIDR, IP) only works with an IP and a CIDR range, I don't believe I can do this natively, so I'm thinking a custom where command is the way to go, so I can do something like this in SPL:
| from datamodel:mymodel | where SubnetOf(cidr, "$search_cidr$")
I've written a basic Python function in my app's bin directory to do the comparison. It takes either (IP, Subnet) or (Subnet, Subnet) and returns a boolean; however, I don't know how to turn this into a filter for the where command to use.
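The comparison and per-event filter described in the question, as an added example that is not part of the original post and is not the poster's or the SDK's code. It uses only Python's standard `ipaddress` module; the names `subnet_of`, `filter_records` and the sample events are assumptions, and wiring the generator into a Splunk custom search command is not shown.

```python
import ipaddress


def _parse(value):
    # strict=False accepts a bare IP (treated as /32 or /128) and
    # CIDRs with host bits set (normalised to the network address).
    return ipaddress.ip_network(str(value).strip(), strict=False)


def subnet_of(candidate, search_cidr):
    """True if candidate (an IP or a CIDR) lies entirely inside search_cidr."""
    outer = _parse(search_cidr)  # a bad search range raises ValueError
    try:
        inner = _parse(candidate)
    except ValueError:
        return False  # unparsable event value: treat as no match
    # Network.subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return inner.version == outer.version and inner.subnet_of(outer)


def filter_records(records, field, search_cidr):
    """Yield only the records whose `field` holds a subnet of search_cidr."""
    _parse(search_cidr)  # validate the dashboard input once, up front
    for record in records:
        values = record.get(field)
        if values is None:
            continue
        # Assumption: a multivalue field arrives as a list; match if any value fits.
        if not isinstance(values, (list, tuple)):
            values = [values]
        if any(subnet_of(v, search_cidr) for v in values):
            yield record


# Constructed sample events, not taken from any real data model.
SAMPLE_EVENTS = [
    {"host": "a", "cidr": "10.1.2.0/24"},
    {"host": "b", "cidr": "192.168.0.0/16"},
    {"host": "c", "cidr": "10.9.9.9"},
    {"host": "d", "cidr": "10.0.0.0/7"},   # wider than the search range
    {"host": "e", "cidr": "garbage"},
    {"host": "f"},                          # field missing
    {"host": "g", "cidr": ["172.16.0.0/12", "10.200.0.0/16"]},
]

if __name__ == "__main__":
    for event in filter_records(SAMPLE_EVENTS, "cidr", "10.0.0.0/8"):
        print(event)
```

An invalid search range raises `ValueError` rather than silently returning no events, so a mistyped dashboard input is surfaced instead of looking like an empty result.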