Hi,
please tell me how to write the query for a range of IP addresses, such as
src!=10.0.0.0/8 to src!=10.24.1.3
Convert src to a number, e.g. A.B.C.D => (A*256*256*256)+(B*256*256)+(C*256)+D, and filter by the equivalent numbers for your IP range.
The following example uses the cidrmatch function as a filter to remove events that do not match the IP address:
| where cidrmatch("10.0.0.0/8", src)
Also, you can use the command below if the one above is not working:
| search src>="10.0.0.0/8" src<="10.24.1.3"
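The numeric conversion and the cidrmatch filter suggested in the answers above can be combined. This is an added example, not code from any poster in the thread: it applies the A.B.C.D formula for an inclusive range test and splits the range 10.0.0.0 to 10.24.1.3 into the exact CIDR blocks that cidrmatch can take. The helper names, the `exclude` option and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def ip_to_int(ip):
    """A.B.C.D -> (A*256*256*256)+(B*256*256)+(C*256)+D; rejects malformed input."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a * 256 * 256 * 256) + (b * 256 * 256) + (c * 256) + d

def in_range(ip, first, last):
    """Numeric range test, both ends inclusive."""
    return ip_to_int(first) <= ip_to_int(ip) <= ip_to_int(last)

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks that covers exactly first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def spl_where(first, last, field="src", exclude=False):
    """Build a where clause from cidrmatch terms, one per CIDR block.

    The field name defaults to src as in the question; exclude=True
    wraps the terms in NOT to drop the range instead of keeping it.
    """
    terms = " OR ".join(
        f'cidrmatch("{c}", {field})' for c in range_to_cidrs(first, last))
    return f"| where NOT ({terms})" if exclude else f"| where {terms}"

# Constructed sample addresses, not taken from real events.
SAMPLE = ["10.0.0.1", "10.3.0.0", "10.24.1.3", "10.24.1.4", "192.168.1.1"]

if __name__ == "__main__":
    first, last = "10.0.0.0", "10.24.1.3"
    for ip in SAMPLE:
        # Comparing the dotted strings directly gives a different answer
        # for 10.3.0.0, because the character "3" sorts after "2".
        as_text = first <= ip <= last
        print(f"{ip:<12} numeric={in_range(ip, first, last)!s:<5} text={as_text}")
    print(spl_where(first, last))
    print(spl_where(first, last, exclude=True))
```

The range is not a single CIDR block, so the generated clause needs four cidrmatch terms to cover it exactly.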