Hello everyone,
I am trying to compare a list of IPs from a lookup with a output from a search field, and instated of do this,
| search ( dest_ip!=10.0.0.0/8 AND dest_ip!=172.16.0.0/12 AND dest_ip!=192.168.0.0/16 ...)
I want to have a lookup with the ips ranges and exclude from the results the ip that matchs with the lookup.
My lookup is like:
ips
13.64.0.0/11
13.96.0.0/13
13.104.0.0/14
....
Really thanks in advance.
Hi @gl_splunkuser,
You can use the lookup for search; I assume your lookup name is "ips_lookup" and has a field called "ips". Please update these with the correct ones.
| search NOT
[| inputlookup ips_lookup
| fields ips
| rename ips as dest_ip]
Hi @gl_splunkuser,
You can use the lookup for search; I assume your lookup name is "ips_lookup" and has a field called "ips". Please update these with the correct ones.
| search NOT
[| inputlookup ips_lookup
| fields ips
| rename ips as dest_ip]