How do I exclude a subnet from a search using CIDR notation? For example, I have this search:
"%ASA-4-733100" OR "%ASA-4-733104" OR "%ASA-4-733105" NOT "[ Scanning]" NOT "[ 172.16.10.2]" NOT "[ DNS 53]" NOT "[ NetBIOS-Name 137]"
I would like to exclude 192.168.0.0/16 from this search. What is a simple way to do this?
Perhaps this can enlighten you;
http://answers.splunk.com/answers/130030/how-does-one-search-for-a-cidr-range-of-addresses
/K
Should I use NOT "host_ip=192.168.0.0/16" or should I leave off the quotation marks?