Problem: Huge list of IP addresses across multiple subnets, how to group and list in order of subnets.

This is what we came up with:

index=dhcp dest_ip="10.0.0.0/8" | where dest != dest_ip | stats count(dest) by dest, dest_ip | eval ipoctet=split(dest_ip, ".") | eval int1=floor(tonumber(mvindex(ipoctet,0))*16777216) | eval int2=floor(tonumber(mvindex(ipoctet,1))*65536) | eval int3=floor(tonumber(mvindex(ipoctet,2))*256) | eval ipv4int=int1+int2+int3+(tonumber(mvindex(ipoctet,3))) | sort ipv4int | table dest, dest_ip, ipv4int