So IP to a subnet CIDR match has always worked in Splunk. No issues there. BUT a request came where we need to do a subnet to subnet CIDR match, and other than hacking my way out of it, I don’t think the cidrmatch function honors that.
IPCidr = 10.1.1.0/24
Cidrmatch doesn’t work when I try to check IpCidr in Subnetlookup,csv.. The moment I change it to 10.1.1.1, it works.
Any ideas.. is there any other function that does that?