Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to filter out event in Splunk -IP address search via CIDR

saurav47
Loves-to-Learn Lots
‎04-12-2022 09:21 AM

Hey Team, I have some 150+ ip addresses in CIDR format (IE 96.24.0.0/16, etc) , i am getting my search result with one values coming as  dst_ip 96.24.123.123. 

i need to filter out this event. so basically if it would be one,, i can simply do in my SPL dst_ip!= (96.24.0.0/16) or NOT dst_ip IN ((96.24.0.0/16), 

but i have around 150+ cidr that i need to filter out. i tried to add them into lookup file and it seems cidr in lookfile is not working. can someo

Labels (3)
Labels
0 Karma
Reply

mayurr98
Super Champion
‎04-12-2022 09:43 AM

you have to try something like this to make it work with lookups 

 

https://community.splunk.com/t5/Splunk-Search/Using-CIDR-in-a-lookup-table/m-p/35787

 

like/accept if it works for you!

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...