I try to exclude the private ip range with command | search NOT ( src=10.0.0.0/8 OR src=192.168.0.0/16 OR src=172.16.0.0/12)
but I still found the private ips in my search result
search command is doing simple string searching, so what you want is
| where !(cidrmatch("10.0.0.0/8", src) OR cidrmatch("192.168.0.0/16", src) OR cidrmatch("172.16.0.0/12", src))
search command is doing simple string searching, so what you want is
| where !(cidrmatch("10.0.0.0/8", src) OR cidrmatch("192.168.0.0/16", src) OR cidrmatch("172.16.0.0/12", src))
It works, thanks