Hello everyone,
I have several fields in my search results (name, ip_src). Now I have a lookup with 2 columns:
name | subnet |
name1 | 10.10.10.1/24 |
name2 | 10.20.10.1/24 |
name3 | 10.20.10.1/24 |
I first need to find the subnet corresponding to the name (for example, if I get "name1" in the field name in the search results, the subnet is 10.10.10.1/24), and then check whether the src_ip for this name matches the subnet.
Thank you in advance for your help.
You can look up a name in the lookup file and get the subnet back by using the lookup command.
<<your search>>
| lookup mylookup.csv name OUTPUT subnet
Test if a given field matches the subnet by using the cidrmatch function.
| eval match=if(cidrmatch(subnet, src_ip), "match", "nomatch")
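Added example, not part of the original reply: the two steps above combined into one search that can be pasted into the search bar to check the logic before applying it to real events. The four sample events are constructed, `no_subnet_for_name` is a label chosen here, and the search assumes `mylookup.csv` holds the name/subnet rows from the question and a Splunk version that supports `makeresults format=csv`. It also separates names that have no row in the lookup from addresses that fall outside their subnet, so a missing lookup entry is not reported as a plain `nomatch`.

```spl
| makeresults format=csv data="name,src_ip
name1,10.10.10.57
name1,192.168.1.5
name2,10.20.10.200
name9,10.10.10.8"
``` constructed sample events; name9 is deliberately absent from the lookup ```
| lookup mylookup.csv name OUTPUT subnet
``` subnet stays empty when the name has no row in the lookup ```
| eval match=case(
    isnull(subnet), "no_subnet_for_name",
    cidrmatch(subnet, src_ip), "match",
    true(), "nomatch")
| table name src_ip subnet match
```

For alerting, append `| where match!="match"` to keep only the events that need review.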
Thank you very much.