Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you CIDR Match a subnet in a list of subnets?

theouhuios
Motivator
‎02-28-2019 12:34 PM

So IP to a subnet CIDR match has always worked in Splunk. No issues there. BUT a request came where we need to do a subnet to subnet CIDR match, and other than hacking my way out of it, I don’t think the cidrmatch function honors that.

Example..

IPCidr = 10.1.1.0/24

Subnetlookup.csv

10.1.0.0/16
10.2.1.0/24
10.2.0.0/16

Cidrmatch doesn’t work when I try to check IpCidr in Subnetlookup,csv.. The moment I change it to 10.1.1.1, it works.

Any ideas.. is there any other function that does that?

Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...