Hey Team, I have some 150+ ip addresses in CIDR format (IE 96.24.0.0/16, etc) , i am getting my search result with one values coming as dst_ip 96.24.123.123.
i need to filter out this event. so basically if it would be one,, i can simply do in my SPL dst_ip!= (96.24.0.0/16) or NOT dst_ip IN ((96.24.0.0/16),
but i have around 150+ cidr that i need to filter out. i tried to add them into lookup file and it seems cidr in lookfile is not working. can someo
you have to try something like this to make it work with lookups
https://community.splunk.com/t5/Splunk-Search/Using-CIDR-in-a-lookup-table/m-p/35787
like/accept if it works for you!