Splunk Search

Can search sytax use the notation of network mask like /24

hjwang
Contributor

Dear all, i wanna filter the specific ip range for one country, can search sytax use the notation of network mask like /24, for instance, the ip range from 110.77.0.0 to 110.77.127.255, i hope i can use 110.77.0/17 rather than 110.77.0.~110.77.127. as filter condition. Any other better suggestions?Thanks

Tags (1)
0 Karma
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

Yes, you can, but only as a field value match, i.e., you can search for ipaddr=110.77.0.0/23 but not for just 110.77.0.0/23.

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

Yes, you can, but only as a field value match, i.e., you can search for ipaddr=110.77.0.0/23 but not for just 110.77.0.0/23.

View solution in original post

usethedata
Path Finder

@southeringtonp -- Thank you for posting the cross-reference. That second question is exactly what I needed.

0 Karma

sdwilkerson
Contributor

You rock Gerald!

0 Karma

southeringtonp
Motivator

You can also use cidrmatch in the eval command. If you are dealing with known (usually internal) subnets, you can also resolve them by name - see this thread: http://answers.splunk.com/questions/5916/using-cidr-in-a-lookup-table

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!