Splunk Search

How do I exclude a subnet from a search using CIDR notation?

jlawsonmers
New Member

How do I exclude a subnet from a search using CIDR notation? For example, I have this search:

"%ASA-4-733100" OR "%ASA-4-733104" OR "%ASA-4-733105" NOT "[ Scanning]" NOT "[   172.16.10.2]" NOT "[           DNS   53]" NOT "[  NetBIOS-Name  137]"

I would like to exclude 192.168.0.0/16 from this search. What is a simple way to do this?

0 Karma

kristian_kolb
Ultra Champion
0 Karma

jlawsonmers
New Member

Should I use NOT "host_ip=192.168.0.0/16" or should I leave off the quotation marks?

0 Karma