Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How does cidrmatch work?

danielbb
Motivator
‎09-26-2019 06:29 AM

The following code -

| eval ipa="10.22.3.2" 
| eval ret=if(cidrmatch("10.0.0.0/8", ipa), "tr", "fl") 
| return ret

Returns -

alt text

Why is that?

Tags (1)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎09-26-2019 07:14 AM

It is correct, because IP 10.22.3.2 belongs to CIDR Range 10.0.0.0/8 -> 10.0.0.0-10.255.255.255

View solution in original post

Reply
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎09-26-2019 07:14 AM

It is correct, because IP 10.22.3.2 belongs to CIDR Range 10.0.0.0/8 -> 10.0.0.0-10.255.255.255

Reply
Solved! Jump to solution

danielbb
Motivator
‎09-26-2019 07:32 AM

Very kind @harsmarvania57 - please convert to an answer...

0 Karma
Reply
Solved! Jump to solution

danielbb
Motivator
‎09-26-2019 06:44 AM

Ok,

by adding the makeresults

| makeresults
| eval ipa="10.22.3.2" 
| eval ret=if(cidrmatch("10.0.0.0/8", ipa), "tr", "fl")
| return ret

I get ret="tr".

Not sure whether ret="tr" is correct...

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...